PT-2016-2691 · Micro Focus · Micro Focus Rumba+1

Liquidworm · Published 2016-07-03 · Updated 2017-09-03 · CVE-2016-5228

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Micro Focus Rumba versions 9.x through 9.3 before HF 11997
Micro Focus Rumba versions 9.4.x through 9.4 before HF 12815

Description

The issue is caused by a stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx of the Micro Focus Rumba terminal emulator. This can be exploited by a remote attacker to execute arbitrary code using a long MacroName argument.

Recommendations

For Micro Focus Rumba versions 9.x through 9.3 before HF 11997, update to version 9.3 HF 11997 or later. For Micro Focus Rumba versions 9.4.x through 9.4 before HF 12815, update to version 9.4 HF 12815 or later. As a temporary workaround, consider restricting the length of the MacroName argument to prevent exploitation until a patch is applied.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2016-02083
CVE-2016-5228

Affected products

Micro Focus Rumba
Wdmacctl.Ocx