This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence One. Authentication is not required to exploit this vulnerability.
The flaw exists within the emagent.exe component which listens by default on TCP port 3938. When handling an HTTP request in oranmemso.dll the function nmehl_getURIParams blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.