This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ProClima. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the SetTabbedTextEx method of the F1BookView control. Memory corruption occurs when a long string is passed by the user to the method. An attacker could leverage this flaw to execute code under the context of the process.