Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5228: Improper Restriction of Operations within the Bounds of a Memory Buffer in Rumba

Severity
9.8 CRITICAL (NVD)
EPSS
51.2%
top 2.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jul 3
Latest update: May 17

Description

Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

🔴Vulnerability Details

1
GHSA
GHSA-qcj4-wjgr-2rrf: Stack-based buffer overflow in the PlayMacro function in ObjectXMacro | 2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow (PoC) | 2016-10-31