CVE-2022-39803

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Author version 9

Description The issue is caused by a lack of proper memory management. When a victim opens a manipulated ACIS Part and Assembly (.sat) file received from untrusted sources, it is possible that a Remote Code Execution can be triggered. This can happen when a payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.

Recommendations For SAP 3D Visual Enterprise Author version 9, consider avoiding the use of CoreCadTranslator.exe until a patch is available. As a temporary workaround, restrict the opening of .sat files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.