Dtmsoft
Monthly
Arbitrary code execution in Delta Electronics DTMSoft arises from unsafe deserialization of untrusted data during project file parsing (CWE-502), allowing an attacker who supplies a malicious DTMSoft project file to run code in the context of the user who opens it. The flaw is local and requires victim interaction (opening the crafted file) rather than remote network exploitation, and impacts confidentiality, integrity, and availability fully. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; no EPSS score was supplied.
Arbitrary code execution in Delta Electronics DTMSoft arises from unsafe deserialization of untrusted data during project file parsing (CWE-502), allowing an attacker who supplies a malicious DTMSoft project file to run code in the context of the user who opens it. The flaw is local and requires victim interaction (opening the crafted file) rather than remote network exploitation, and impacts confidentiality, integrity, and availability fully. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; no EPSS score was supplied.