Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer by SAP
CVE-2022-41187

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP 3d Visual Enterprise Viewer
Vendor: CVE Published:; 11 October 2022

Summary

A flaw in SAP 3D Visual Enterprise Viewer allows attackers to exploit improper memory management when users open specially crafted Wavefront Object (.obj) files from untrusted sources. This could lead to a remote code execution scenario by triggering a stack-based overflow or reusing dangling pointers, allowing attackers to manipulate memory space. Users are advised to avoid opening OBJ files from unverified sources and keep their software updated to mitigate potential risks.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3245928

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 21, 2022