Description
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25720.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow occurs when the Proteus program processes improperly crafted PDSPRJ files. The flaw arises from missing validation of user data, leading to an out‑of‑bounds write that allows an attacker to run code in the context of the current process. This weakness aligns with CWE‑787.

Affected Systems

The vulnerability affects the Proteus software distributed by Labcenter Electronics. No specific product versions are enumerated in the available data.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. Although an EPSS score is not available, the lack of a KEV listing suggests it has not yet been observed in the wild. Exploitation requires user interaction: the target must open a malicious file or visit a malicious page.

Generated by OpenCVE AI on April 11, 2026 at 02:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Labcenter Electronics website for any patches or updates addressing the PDSPRJ file handling flaw.
  • Apply any available patch or updated version as soon as it becomes available.
  • If a patch is not yet released, restrict opening of PDSPRJ files from untrusted sources or disable the file type integration temporarily.
  • Monitor security advisories from the vendor and third‑party security feeds for further information.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter, Labcenter proteus |
| CPEs | | `cpe:2.3:a:labcenter:proteus:8.17:sp5:*:*:*:*:*:*` |
| Vendors & Products | | Labcenter, Labcenter proteus |

Mon, 13 Apr 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Mon, 13 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter Electronics, Labcenter Electronics proteus |
| Vendors & Products | | Labcenter Electronics, Labcenter Electronics proteus |

Sat, 11 Apr 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25720. |
| Title | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_0: `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-13T16:17:32.512Z

Reserved: 2026-04-03T14:34:43.888Z

Link: CVE-2026-5495

Vulnrichment

Updated: 2026-04-13T16:17:24.242Z

NVD

Status: Analyzed

Published: 2026-04-11T01:16:18.697

Modified: 2026-04-27T17:48:16.460

Link: CVE-2026-5495

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:08Z
