PT-2017-19313 · Schneider Electric · Pro-Face Gp Pro Ex

Published: 2017-09-25 · Updated: 2019-10-03 · CVE-2017-9961

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Schneider Electric's Pro-Face GP Pro EX version 4.07.000

Description

A security issue exists that allows an attacker to execute arbitrary code. This can be achieved by placing a specific DLL/OCX file, which forces the process to load an arbitrary DLL and execute code in the context of the process. The attacker needs access to the computer to install malicious code.

Recommendations

For version 4.07.000, consider restricting access to the computer and avoid using potentially vulnerable DLL/OCX files until a fix is available. As a temporary workaround, restrict the loading of arbitrary DLLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2017-9961

Affected Products

Pro-Face Gp Pro Ex