Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer
CVE-2022-41198

7.8 HIGH

Key Information:

Vendor: SAP
CVE Published: 11 October 2022

Summary

A security vulnerability exists in SAP 3D Visual Enterprise Viewer version 9 due to inadequate memory management. If an attacker crafts a malicious SketchUp file (.skp) and sends it to a victim, opening the file can lead to Remote Code Execution. This is possible because the payload may trigger a stack-based overflow or the reuse of a dangling pointer that refers to overwritten memory. Such vulnerabilities can allow unauthorized execution of code, posing significant risks to users and their systems.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
