CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9176
https://notcve.org/view.php?id=CVE-2016-9176
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. Desbordamiento de búfer en pila en los componentes send.exe y receive.exe de Micro Focus Rumba 9.4 y versiones anteriores podría ser usado por atacantes locales o atacantes capaces de inyectar argumentos a esos binarios para ejecutar código. • http://www.securityfocus.com/bid/94236 https://www.exploit-db.com/exploits/40648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 1EXPL: 1CVE-2016-1606 – Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1606
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client. Multiple desbordamiento del buffer basado en pila en objetos COM en Micro Focus Rumba 9.4.x en versiones anteriores a 9.4 HF 13960 permite a atacantes remotos ejecutar un código arbitrario a través de via (1) el valor de propiedad NetworkName para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (2) el valor de propiedad CPName property para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (3) el valor de propiedad PrinterName para ProfileEditor.PrintPasteControl en ProfEdit.dll, (4) el argumento Data para la función WriteRecords en FTXBIFFLib.AS400FtxBIFF en FtxBIFF.dll, (5) el valor de propiedad Serialized para NMSECCOMPARAMSLib.SSL3 en NMSecComParams.dll, (6) el valor de propiedad UserName para NMSECCOMPARAMSLib.FirewallProxy en NMSecComParams.dll, (7) el valor de propiedad LUName para ProfileEditor.MFSNAControl en ProfEdit.dll, (8) el argumento newVal argument para la función Load en FTPSFTPLib.SFtpSession en FTPSFtp.dll o (9) un archivo Host largo en el FTP Client. • https://www.exploit-db.com/exploits/39857 http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx http://www.securityfocus.com/bid/91548 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php https://cxsecurity.com/issue/WLB-2016050136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 1EXPL: 1CVE-2016-5228 – Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2016-5228
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability. Desbordamiento del buffer basado en pila en la función PlayMacro en ObjectXMacro.ObjectXMacro en WdMacCtl.ocx en Micro Focus Rumba 9.x en versiones anteriores a 9.3 HF 11997 y 9.4.x en versiones anteriores a 9.4 HF 12815 permite a atacantes remotos ejecutar un código arbitrario a través de un argumento MacroName largo. NOTA: algunas referencias mencionan CVE-2016-5226 pero ese no es el ID corrector para ninguna vulnerabilidad de Rumba. Micro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability. • https://www.exploit-db.com/exploits/40649 http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php https://cxsecurity.com/issue/WLB-2016050136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •