Arbitrary Code Execution and Memory Corruption in F1BookView ActiveX Control

Arbitrary Code Execution and Memory Corruption in F1BookView ActiveX Control

CVE-2015-8561 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

Learn more about our Web Application Penetration Testing UK.