Schneider Electric ProClima ATX45 SetHtmlFileName Heap Buffer Overflow (CVE-2014-8511)

A code execution vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a heap buffer overflow when processing user supplied parameter input to SetHtmlFileName in the Atx45.ocx ActiveX control. A remote unauthenticated attacker could exploit this vulnerability...

Schneider Electric ProClima ATX45 SetBodyAttribute Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Schneider Electric ProClima ATX45 SetHtmlFileName Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2014-8511

The CVE-2014-8511 issue affects Schneider Electric ProClima before 6.1.7, specifically the Atx45.ocx ActiveX control. A heap/buffer overflow within Atx45.ocx (documented variants reference SetHtmlFileName/SetBodyAttribute paths) can allow remote attackers to execute arbitrary code. This is report...