CVE-2016-1606
Description
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:microfocus:rumba:9.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microfocus:rumba:9.4:*:*:*:*:*:*:*
- (no CPE)range: <9.4 HF 13960
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.