Delta Electronics DOPSoft 2 Heap-based Buffer Overflow
Description
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Delta DOPSoft 2 before 2.00.07 has a heap-based buffer overflow in project file parsing, allowing code execution via a crafted file.
Vulnerability
Delta Electronics DOPSoft 2 versions 2.00.07 and prior lack proper validation of user-supplied data when parsing specific project files. This failure leads to a heap-based buffer overflow (CWE-122) in the context of the current process [1].
Exploitation
An attacker must convince a user to open a specially crafted DOPSoft 2 project file. No authentication or special network position is required; the attack complexity is low and user interaction is required [1]. The crafted file triggers the heap-based overflow during parsing.
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the current process, leading to a complete compromise of confidentiality, integrity, and availability [1].
Mitigation
Delta Electronics has not released a fix as of the advisory publication date. As a workaround, users should avoid opening project files from untrusted sources and apply the principle of least privilege to the DOPSoft 2 process [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=2.00.07+ 1 more
- (no CPE)range: <=2.00.07
- (no CPE)range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- us-cert.cisa.gov/ics/advisories/icsa-21-252-02mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.