|
|||
Rule General Information |
---|
Release Date: | 2016-08-04 | |
Rule Name: | Schneider Electric Proclima F1bookview Setvalidationrule Memory Corruption Vulnerability -3 (CVE-2015-7918) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method. | |
Impact: | An attacker can execute arbitrary code in the context of the vulnerable system. Failed exploit may cause denial-of-service attack. | |
Affected OS: | Windows | |
Reference: | http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01 ZeroDayInitiative:ZDI-15-625 ZeroDayInitiative:ZDI-15-630 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: http://download.schneider-electric.com/library/downloads/WW/en/document/SEVD-2015-329-01 |