Impact
The vulnerability is a use‑after‑free flaw that corrupts memory while parsing crafted files, potentially allowing an attacker to execute arbitrary code in the current process context. This flaw is a CWE‑416 vulnerability and can lead to full system compromise if an attacker can supply malicious input.
Affected Systems
The flaw affects Labcenter Proteus software, specifically versions prior to 9.2 SPO. Users running any version 8.0 or higher that has not been updated to the 9.2 SPO release are at risk. The advisory does not list additional vendor or product variations.
Risk and Exploitability
The CVSS score of 8.4 indicates a high severity, yet the EPSS score is unavailable, so the likelihood of exploitation in the wild remains uncertain. Because the vulnerability is a memory corruption flaw exploitable without authentication to the Proteus process, an attacker who can supply a malicious file will likely succeed. The issue is not listed in CISA’s KEV catalog, suggesting no known public exploits, but the high CVSS warrants prompt remediation.
OpenCVE Enrichment