CVE-2015-7918

{"id": "CVE-2015-7918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-12-15T05:59:08.857", "references": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-329-01", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-625", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-630", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-631", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-632", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-633", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-634", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-635", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer en el control F1BookView ActiveX en F1 Bookview en Schneider Electric ProClima en versiones anteriores a 6.2 permite atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx o (7) SetValidationRule, una vulnerabilidad diferente a CVE-2015-8561."}], "lastModified": "2015-12-16T13:21:54.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:proclima:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12DFD1A6-BDB8-4864-A3E3-1CBF1609C17B", "versionEndIncluding": "6.1"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}