CVE-2015-7918

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Proclima
Vendor: CVE Published:; 15 December 2015

Summary

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-631

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-15-625

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02

x_refsource_MISC

EPSS Score

47% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 15, 2015
Vulnerability Reserved
Oct 22, 2015