ZDI-15-635
Fritz Sands - HP Zero Day Initiative
Dec 08, 2015 - 12:00 a.m.

Schneider Electric ProClima F1BookView ActiveX Control SetTabbedTextEx Method Remote Code Execution Vulnerability

www.zerodayinitiative.com

EPSS: 0.443 Medium (Percentile: 97.4%)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the SetTabbedTextEx method of the F1BookView control. Memory corruption occurs when a long string is passed by the user to the method. An attacker could leverage this flaw to execute code under the context of the process.
