• Advisory Details Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-26-112ZDI-CAN-28315 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. • User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. • The specific flaw exists within the parsing of EPRT files. • The issue results from the lack of proper initialization of memory prior to accessing it. • An attacker can leverage this vulnerability to execute code in the context of the current process. • 2025-11-04 - Vulnerability reported to vendor 2026-02-19 - Coordinated public release of advisory 2026-02-19 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds
Article Summaries:
- Dassault Systèmes has disclosed a remote code‑execution flaw (CVE‑2026‑1333) affecting its eDrawings Viewer. The vulnerability stems from an uninitialized variable in the EPRT file parser, allowing attackers to run arbitrary code when a user opens a malicious file or visits a malicious page. The CVSS score is 7.8 (High impact on confidentiality, integrity, and availability). A patch has been released; users are urged to update immediately. The issue was reported by an anonymous source and detailed in Dassault’s security advisory.
Sources: