CVE-2016-1606 in RUMBAinfo

Summary

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/12/2016

Disclosure

07/02/2016

Moderation

VulDB entry created

Entries

VDB-88519 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

Exploit

Download

CVSS

9.8

EPSS

0.56706

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1606
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1606
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1606/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!