Description
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25719.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch ASAP
AI Analysis

Impact

This vulnerability is an out‑of‑bounds write that occurs during the parsing of a Labcenter Electronics Proteus PDSPRJ file. The lack of proper validation of user‑supplied data allows a crafted file to overwrite memory beyond the allocated buffer, enabling the attacker to execute arbitrary code in the context of the current user. The flaw represents a classic buffer overflow scenario, threatening confidentiality, integrity, and availability of the affected system.

Affected Systems

The affected product is Labcenter Electronics Proteus. No specific version information is listed, so all releases that process PDSPRJ files are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and the flaw is triggered only when the user opens a malicious PDSPRJ file or visits a page that causes such a file to be processed. The likely attack vector is inferred to be a malicious project file presented to a user. Although EPSS data is not available and the vulnerability is not part of the CISA KEV catalog, the high severity and the remote code execution impact suggest a significant security risk for any user who interacts with untrusted files.

Generated by OpenCVE AI on April 11, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available update or patch for Labcenter Electronics Proteus
  • Avoid opening PDSPRJ files from untrusted or unknown sources
  • Regularly check the vendor’s security advisories for updates

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Labcenter; Labcenter proteus
CPEs | | cpe:2.3:a:labcenter:proteus:8.17:sp5:*:*:*:*:*:*
Vendors & Products | | Labcenter; Labcenter proteus

Mon, 13 Apr 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Labcenter Electronics; Labcenter Electronics proteus
Vendors & Products | | Labcenter Electronics; Labcenter Electronics proteus

Sat, 11 Apr 2026 01:00:00 +0000

Type | Values Removed | Values Added
Description | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25719.
Title | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_0 {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-13T16:16:49.016Z

Reserved: 2026-04-03T14:34:29.671Z

Link: CVE-2026-5494

Vulnrichment

Updated: 2026-04-13T16:16:44.915Z

NVD

Status: Analyzed

Published: 2026-04-11T01:16:18.563

Modified: 2026-04-27T17:48:12.423

Link: CVE-2026-5494

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:09Z

Weaknesses