Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author
CVE-2022-41167

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP 3d Visual Enterprise Author
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-41167?

A vulnerability exists in SAP 3D Visual Enterprise Author version 9 that is linked to improper memory management. An attacker could exploit this vulnerability by sending a manipulated AutoCAD (.dwg) file to a victim. When the victim opens this file in the affected software, it could result in remote code execution due to stack-based overflow or re-use of a dangling pointer that refers to compromised memory space. This exploitation could lead to unauthorized actions on the victim’s system, putting sensitive information at risk.

Affected Version(s)

SAP 3D Visual Enterprise Author 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3245929

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 21, 2022