CVE-2016-5228

Description

Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx
• http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php
• https://cxsecurity.com/issue/WLB-2016050136
• https://www.exploit-db.com/exploits/40649/
• http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28600.micro-focus-rumba-9-x-security-update.aspx
• http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php
• https://cxsecurity.com/issue/WLB-2016050136
• https://www.exploit-db.com/exploits/40649/

CWEs

CWE-119

💬 Discuss CVE-2016-5228 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.