TL;DR

Remote attackers can execute arbitrary code through a vulnerability in how Dassault Systèmes eDrawings Viewer parses EPRT files. Exploitation requires a user to open a malicious EPRT file.

What happened

  • Vulnerability discovered in eDrawings Viewer's EPRT file handling
  • Uninitialized variable issue leads to potential RCE

Why it matters for ops

  • Remote code execution possible with user interaction
  • Malicious EPRT files can exploit the flaw

Mitigation

  • Update to patched version of eDrawings Viewer
  • Limit user permissions and monitor for suspicious activity

Action items

  • Apply security updates provided by Dassault Systèmes
  • Restrict use of EPRT files in your environment

Detection IOCs

  • Suspicious EPRT file download or open activity
  • Unexpected network connections from eDrawings Viewer process

Source link

http://www.zerodayinitiative.com/advisories/ZDI-26-112/