CVE-2016-1606

CRITICAL

Micro Focus Rumba <9.4 HF 13960 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1606. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates multiple stack buffer overflow vulnerabilities in Micro Focus Rumba+ v9.4, specifically targeting OLE controls (WdMacCtl.ocx and iconfig.dll) via crafted HTML and VBScript. The PoC triggers crashes and potential arbitrary code execution by overflowing buffers with controlled patterns.

Description

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textdoswindows

https://www.exploit-db.com/exploits/39857

View Code ZIP pw:eip

The exploit demonstrates multiple stack buffer overflow vulnerabilities in Micro Focus Rumba+ v9.4, specifically targeting OLE controls (WdMacCtl.ocx and iconfig.dll) via crafted HTML and VBScript. The PoC triggers crashes and potential arbitrary code execution by overflowing buffers with controlled patterns.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Micro Focus Rumba+ v9.4 (9.4.4058.0 and 9.4.0 SP0 Patch0)

No auth needed

Prerequisites: Victim must open a malicious HTML file or visit a crafted webpage

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Issue Tracking x_refsource_misc

https://cxsecurity.com/issue/WLB-2016050136

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91548

Various Sources x_refsource_confirm

http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx

Third Party Advisory x_refsource_misc

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php

Scores

CVSS v3 9.8

EPSS 0.4734

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

microfocus/rumba 9.4

Published Jul 03, 2016

Tracked Since Feb 18, 2026