Arbitrary Code Execution Vulnerability in SAP 3D Visual Enterprise Author and Viewer
CVE-2022-41211

7HIGH

Key Information:

Vendor: SAP
Status: SAP 3d Visual Enterprise Author; SAP 3d Visual Enterprise Viewer
Vendor: CVE Published:; 8 November 2022

What is CVE-2022-41211?

An arbitrary code execution issue exists in SAP 3D Visual Enterprise Author and Viewer due to insufficient memory management. This vulnerability can be exploited when a user opens a specially crafted file from untrusted sources. It leverages the reuse of a dangling pointer pointing to mismanaged memory space, which may lead to the execution of arbitrary code. Though the likelihood of successful exploitation diminishes due to the randomness of overwritten memory and its access rights, the potential risks associated with this vulnerability warrant careful attention and mitigation strategies.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP 3D Visual Enterprise Author = 9

SAP 3D Visual Enterprise Viewer = 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3263436

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Sep 21, 2022

JSON

SAP

What is CVE-2022-41211?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.