The specific flaw exists within bwnodeip.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
CVE Link
Exploit Platform
Product Name