HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments.
HP Diagnostics Server has a buffer overflow vulnerability in the **magentservice.exe** process that could allow unauthenticated remote attackers to execute arbitrary code in the context of the SYSTEM user. The **magentservice.exe** process listens on port 23472 by default.
A patch is not available at the time of publication. Limit access to TCP port 23472.
This exploit was tested against HP Diagnostics Server 9.20 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.
The exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.