Rumba
CVE-2016-9176
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
AnalysisAI
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. Affected products include: Microfocus Rumba.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attacke
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today