Microfocus Rumba vulnerabilities

CVE-2016-9176 [CRITICAL] CWE-119 CVE-2016-9176: Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlie Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.

CVE-2016-5228 [CRITICAL] CVE-2016-5228: Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx i Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.

CVE-2016-1606 [CRITICAL] CWE-119 CVE-2016-1606: Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property