Vulnerabilites related to microfocus - rumba
CVE-2016-9176 (GCVE-0-2016-9176)
Vulnerability from cvelistv5
Published
2016-11-04 00:00
Modified
2024-08-06 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94236 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40648/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Rumba 9.4 |
Version: Micro Focus Rumba 9.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40648/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Rumba 9.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Micro Focus Rumba 9.4"
}
]
}
],
"datePublic": "2016-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "94236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/40648/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Rumba 9.4",
"version": {
"version_data": [
{
"version_value": "Micro Focus Rumba 9.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94236"
},
{
"name": "https://www.exploit-db.com/exploits/40648/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/40648/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9176",
"datePublished": "2016-11-04T00:00:00",
"dateReserved": "2016-11-03T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1606 (GCVE-0-2016-1606)
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2016050136 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/91548 | vdb-entry, x_refsource_BID | |
| http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx | x_refsource_CONFIRM | |
| http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"name": "91548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:33",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"name": "91548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2016050136",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"name": "91548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91548"
},
{
"name": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx",
"refsource": "CONFIRM",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1606",
"datePublished": "2016-07-03T01:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5228 (GCVE-0-2016-5228)
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-06 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2016050136 | x_refsource_MISC | |
| http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/40649/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx"
},
{
"name": "40649",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40649/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:41",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx"
},
{
"name": "40649",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40649/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-5228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2016050136",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"name": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx",
"refsource": "CONFIRM",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx"
},
{
"name": "40649",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40649/"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-5228",
"datePublished": "2016-07-03T01:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-11-04 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | rumba | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:rumba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D41E6025-5301-4CA0-9C1E-AAD27702C6DB",
"versionEndIncluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en pila en los componentes send.exe y receive.exe de Micro Focus Rumba 9.4 y versiones anteriores podr\u00eda ser usado por atacantes locales o atacantes capaces de inyectar argumentos a esos binarios para ejecutar c\u00f3digo."
}
],
"id": "CVE-2016-9176",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-04T00:59:00.167",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/94236"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/40648/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40648/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | rumba | 9.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:rumba:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2505F7B7-F0A6-40F4-950B-B3FFB4A2BF0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability."
},
{
"lang": "es",
"value": "Desbordamiento del buffer basado en pila en la funci\u00f3n PlayMacro en ObjectXMacro.ObjectXMacro en WdMacCtl.ocx en Micro Focus Rumba 9.x en versiones anteriores a 9.3 HF 11997 y 9.4.x en versiones anteriores a 9.4 HF 12815 permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un argumento MacroName largo. NOTA: algunas referencias mencionan CVE-2016-5226 pero ese no es el ID corrector para ninguna vulnerabilidad de Rumba."
}
],
"id": "CVE-2016-5228",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T01:59:09.923",
"references": [
{
"source": "security@opentext.com",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx"
},
{
"source": "security@opentext.com",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
},
{
"source": "security@opentext.com",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/40649/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40649/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | rumba | 9.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:rumba:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2505F7B7-F0A6-40F4-950B-B3FFB4A2BF0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client."
},
{
"lang": "es",
"value": "Multiple desbordamiento del buffer basado en pila en objetos COM en Micro Focus Rumba 9.4.x en versiones anteriores a 9.4 HF 13960 permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de via (1) el valor de propiedad NetworkName para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (2) el valor de propiedad CPName property para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (3) el valor de propiedad PrinterName para ProfileEditor.PrintPasteControl en ProfEdit.dll, (4) el argumento Data para la funci\u00f3n WriteRecords en FTXBIFFLib.AS400FtxBIFF en FtxBIFF.dll, (5) el valor de propiedad Serialized para NMSECCOMPARAMSLib.SSL3 en NMSecComParams.dll, (6) el valor de propiedad UserName para NMSECCOMPARAMSLib.FirewallProxy en NMSecComParams.dll, (7) el valor de propiedad LUName para ProfileEditor.MFSNAControl en ProfEdit.dll, (8) el argumento newVal argument para la funci\u00f3n Load en FTPSFTPLib.SFtpSession en FTPSFtp.dll o (9) un archivo Host largo en el FTP Client."
}
],
"id": "CVE-2016-1606",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T01:59:04.797",
"references": [
{
"source": "security@opentext.com",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
},
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/91548"
},
{
"source": "security@opentext.com",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
},
{
"source": "security@opentext.com",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cxsecurity.com/issue/WLB-2016050136"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}