4 matches found
Schneider Electric ProClima F1BookView Memory Corruption (CVE-2015-7918; CVE-2015-8561)
A memory corruption vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a flaw in some methods of the F1BookView ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to browse to a maliciously crafte...
CVE-2015-7918
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the 1 Attach, 2 DefinedName, 3 DefinedNameLocal, 4 ODBCPrepareEx, 5 ObjCreatePolygon, 6 SetTabbedTextEx, or 7 SetValidationRule...
CVE-2015-7918
The F1BookView ActiveX control in Schneider Electric ProClima before 6.2 contains multiple buffer overflows that can be triggered via the methods Attach, DefinedName, DefinedNameLocal, ODBCPrepareEx, ObjCreatePolygon, SetTabbedTextEx, and SetValidationRule, enabling remote code execution. This vu...
Schneider Electric ProClima ActiveX Control Vulnerabilities
OVERVIEW Ariele Caltabiano, working with HP’s Zero Day Initiative, has identified 11 remote code execution vulnerabilities in Schneider Electric’s ProClima F1 Bookview ActiveX control application. Schneider Electric has produced an update to mitigate these vulnerabilities. These vulnerabilities...