Schneider Electric ProClima F1BookView ActiveX Control Attach Method Remote Code Execution Vulnerability

ID ZDI-15-633
Type zdi
Reporter Fritz Sands - HP Zero Day Initiative
Modified 2015-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of the Attach method of the F1BookView control. A buffer overrun occurs when a long string is passed by the user to the method. An attacker could leverage this flaw to execute code under the context of the process.