Schneider Electric ProClima F1BookView ActiveX Control CopyAll Method Remote Code Execution Vulnerability

ID ZDI-15-626
Type zdi
Reporter Ariele Caltabiano
Modified 2015-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of the CopyAll method of the F1BookView ActiveX control. The method accepts an integer value and interprets it as the address of a structure in memory. An attacker can leverage this vulnerability to achieve code execution under the context of the process.