HP Application Information Optimizer DataDirect OpenAccess GIOP Remote Code Execution Vulnerability

This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Information Optimizer. Authentication is not required to exploit this vulnerability. The specific flaw exists within oasoa.exe which listens by default on port 19988. A stack-based vulnerability can be triggered when a certain opcode byte is not in the right range. Arbitrary data can be copied to the stack and an attacker may be able to leverage this vulnerability into remote execution of arbitrary code as SYSTEM.