Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1606 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Rumba

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

56.7%

top 1.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microfocus Rumba

Timeline

PublishedJul 3

Latest updateMay 17

Description

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrofocus/rumba9.4

🔴Vulnerability Details

GHSA

GHSA-fm6f-qg9p-96xf: Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities↗2016-05-26

▶