CVE-2016-5228

CRITICAL

Micro Focus Rumba 9.x - Stack-based Buffer Overflow via PlayMacro MacroName Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5228. PoCs published by Umit Aksu.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Micro Focus Rumba's ActiveX control via the PlayMacro function. It uses heap spraying to achieve control over EIP, with a predictable memory layout for shellcode execution.

Description

Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Umit Aksu · htmldoswindows
https://www.exploit-db.com/exploits/40649

This exploit demonstrates a stack-based buffer overflow in Micro Focus Rumba's ActiveX control via the PlayMacro function. It uses heap spraying to achieve control over EIP, with a predictable memory layout for shellcode execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Micro Focus Rumba <= 9.3
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking x_refsource_misc
https://cxsecurity.com/issue/WLB-2016050136
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40649/

Scores

CVSS v3 9.8
EPSS 0.5124
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
microfocus/rumba 9.4
Published Jul 03, 2016
Tracked Since Feb 18, 2026