Lucene search
Fritz Sands - HP Zero Day InitiativeZDI-15-630HistoryDec 08, 2015 - 12:00 a.m.
Schneider Electric ProClima F1BookView ActiveX Control DefinedName Method Remote Code Execution Vulnerability
2015-12-0800:00:00
Fritz Sands - HP Zero Day Initiative
www.zerodayinitiative.com
17
0.443 Medium
EPSS
Percentile
97.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the DefinedName method. Memory corruption occurs when a long user-supplied name is supplied. Later in processing, the code jumps to an address outside of normal flow. An attacker may be able to leverage this flaw to execute code under the context of the process.
Related
zdi
zdi
ics
ics
Schneider Electric ProClima ActiveX Control Vulnerabilities
2018-08-27 12:00:00
cvelist
cvelist
CVE-2015-7918
2015-12-15 02:00:00
CVE-2015-8561
2022-10-03 16:16:00
nvd
nvd
CVE-2015-8561
2015-12-15 05:59:09
CVE-2015-7918
2015-12-15 05:59:08
prion
prion
Buffer overflow
2015-12-15 05:59:00
Memory corruption
2015-12-15 05:59:00
cve
cve
CVE-2015-7918
2015-12-15 05:59:08
CVE-2015-8561
2022-10-03 16:16:00
checkpoint_advisories
checkpoint_advisories