• Advisory Details Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-26-113ZDI-CAN-28378 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. • User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. • The specific flaw exists within the parsing of EPRT files. • The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • An attacker can leverage this vulnerability to execute code in the context of the current process. • 2025-11-04 - Vulnerability reported to vendor 2026-02-19 - Coordinated public release of advisory 2026-02-19 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds
Article Summaries:
- Dassault Systèmes has disclosed a remote code‑execution flaw (CVE‑2026‑1334) in its eDrawings Viewer. The vulnerability stems from insufficient validation of EPRT files, allowing memory corruption when a user opens a malicious file or visits a malicious page. Attackers can execute arbitrary code in the context of the current process, with a CVSS score of 7.8 (high impact). The flaw requires user interaction and affects all eDrawings installations. Dassault Systèmes has released a patch to address the issue; users are urged to update promptly. Further details are available on the company’s security advisory page.
Sources: