ZDI 2026-04-06

ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2026-5495

Machine-generated analysis · WAYSCloud LLM

The vulnerability is triggered by parsing a malicious PDSPRJ file, leading to an out-of-bounds write condition.

Context

Labcenter Electronics Proteus is affected by a remote code execution vulnerability in its PDSPRJ file parsing functionality. The vulnerability is an out-of-bounds write that can be exploited when a user opens a specially crafted file. User interaction is required, such as opening a malicious file or visiting a malicious page. The ZDI assigned a CVSS score of 7.8, indicating a medium to high severity impact.

Operator considerations

Log: Monitor file access logs for unusual activity involving PDSPRJ files, if such logging is available.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5495.

Read the full advisory on ZDI →