Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author
CVE-2022-41167

7.8 HIGH

Key Information:

Vendor:
SAP

CVE Published:
11 October 2022

What is CVE-2022-41167?

SAP 3D Visual Enterprise Author version 9 contains a vulnerability caused by improper memory management. An attacker could exploit it by sending a manipulated AutoCAD (.dwg) file to a victim. When the victim opens the file in the affected software, it could result in remote code execution through a stack-based overflow or the re-use of a dangling pointer that refers to compromised memory space. Exploitation could lead to unauthorized actions on the victim’s system, putting sensitive information at risk. Because the attack depends on the victim opening the file, the CVSS vector rates the attack vector as Local with user interaction required.

Affected Version(s)

SAP 3D Visual Enterprise Author 9

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
