CVE-2015-7918

CWE-119 — Buffer Overflow3 documents3 sources

Severity

6.8MEDIUM

EPSS

11.2%

top 6.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Proclima

Timeline

PublishedDec 15

Latest updateMay 17

Description

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDschneider-electric/proclima6.1

🔴Vulnerability Details

GHSA

GHSA-vxpx-99jp-v96v: Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6↗2022-05-17

▶

CVEList

CVE-2015-7918: Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6↗2015-12-15

▶