Vulnerability Details : CVE-2016-9176
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2016-9176
Probability of exploitation activity in the next 30 days: 1.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-9176
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-9176
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9176
-
https://www.exploit-db.com/exploits/40648/
Micro Focus Rumba 9.4 - Local Denial of ServiceExploit;Third Party Advisory
-
http://www.securityfocus.com/bid/94236
Micro Focus Rumba CVE-2016-9176 Multiple Local Stack Buffer Overflow VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2016-9176
- cpe:2.3:a:microfocus:rumba:*:*:*:*:*:*:*:*