Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25719.
AnalysisAI
Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution with high integrity impact. Exploitation requires user interaction (opening malicious PDSPRJ file or visiting attacker-controlled page). Insufficient input validation during PDSPRJ processing allows buffer overflow, writing arbitrary data beyond allocated memory boundaries. Successful exploitation grants attacker code execution in application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.
Technical ContextAI
CWE-787 out-of-bounds write stems from absent bounds checking on user-supplied data within PDSPRJ file parser. Heap or stack buffer overflow occurs when malformed file triggers write operation exceeding allocated buffer size. CVSS vector AV:L indicates local attack vector despite remote delivery, as file must execute locally after social engineering delivery.
RemediationAI
No vendor-released patch identified at time of analysis per available intelligence. Until Labcenter Electronics issues security update, implement defense-in-depth controls: (1) restrict PDSPRJ file sources to trusted repositories only, (2) deploy application sandboxing or virtualization for Proteus execution, (3) enforce least-privilege user contexts, (4) implement email attachment filtering blocking unsolicited PDSPRJ files, (5) disable automatic file preview features. Monitor Zero Day Initiative advisory for vendor coordination updates: https://www.zerodayinitiative.com/advisories/ZDI-26-256/. Organizations should contact Labcenter Electronics support directly to request patch timeline and interim guidance.
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x an
Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution wh
Out-of-bounds write during PDSPRJ file parsing in Labcenter Electronics Proteus enables remote code execution when users
Type confusion in Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicio
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x throu
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21668
GHSA-jf3r-4gcm-wq9g