Arbitrary Code Execution Vulnerability in SAP 3D Visual Enterprise Author and Viewer
CVE-2022-41211
7 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 8 November 2022
Summary
An arbitrary code execution issue exists in SAP 3D Visual Enterprise Author and Viewer due to insufficient memory management. It can be exploited when a user opens a specially crafted file from an untrusted source. Exploitation relies on the reuse of a dangling pointer that refers to mismanaged memory, which may lead to the execution of arbitrary code. Although the likelihood of successful exploitation is reduced by the randomness of the overwritten memory and its access rights, the potential risks associated with this vulnerability warrant careful attention and mitigation strategies.
Affected Version(s)
SAP 3D Visual Enterprise Author = 9
SAP 3D Visual Enterprise Viewer = 9
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved