FKIE_CVE-2016-1606

Vulnerability from fkie_nvd - Published: 2016-07-03 01:59 - Updated: 2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
References
security@opentext.comhttp://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx
security@opentext.comhttp://www.securityfocus.com/bid/91548
security@opentext.comhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php
security@opentext.comhttps://cxsecurity.com/issue/WLB-2016050136
af854a3a-2127-422b-91ae-364da2661108http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91548
af854a3a-2127-422b-91ae-364da2661108http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php
af854a3a-2127-422b-91ae-364da2661108https://cxsecurity.com/issue/WLB-2016050136
Impacted products
Vendor Product Version
microfocus rumba 9.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:rumba:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2505F7B7-F0A6-40F4-950B-B3FFB4A2BF0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client."
    },
    {
      "lang": "es",
      "value": "Multiple desbordamiento del buffer basado en pila en objetos COM en Micro Focus Rumba 9.4.x en versiones anteriores a 9.4 HF 13960 permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de via (1) el valor de propiedad NetworkName para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (2) el valor de propiedad CPName property para ObjectXSNAConfig.ObjectXSNAConfig en iconfig.dll, (3) el valor de propiedad PrinterName para ProfileEditor.PrintPasteControl en ProfEdit.dll, (4) el argumento Data para la funci\u00f3n WriteRecords en FTXBIFFLib.AS400FtxBIFF en FtxBIFF.dll, (5) el valor de propiedad Serialized para NMSECCOMPARAMSLib.SSL3 en NMSecComParams.dll, (6) el valor de propiedad UserName para NMSECCOMPARAMSLib.FirewallProxy en NMSecComParams.dll, (7) el valor de propiedad LUName para ProfileEditor.MFSNAControl en ProfEdit.dll, (8) el argumento newVal argument para la funci\u00f3n Load en FTPSFTPLib.SFtpSession en FTPSFtp.dll o (9) un archivo Host largo en el FTP Client."
    }
  ],
  "id": "CVE-2016-1606",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-03T01:59:04.797",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/91548"
    },
    {
      "source": "security@opentext.com",
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
    },
    {
      "source": "security@opentext.com",
      "url": "https://cxsecurity.com/issue/WLB-2016050136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cxsecurity.com/issue/WLB-2016050136"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.