CVE-2022-39808

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Author version 9

Description The issue is caused by a lack of proper memory management. When a victim opens a manipulated Wavefront Object (.obj) file received from untrusted sources, it is possible that a Remote Code Execution can be triggered. This occurs when the payload forces a stack-based overflow or a re-use of a dangling pointer that refers to overwritten space in memory.

Recommendations For SAP 3D Visual Enterprise Author version 9, avoid opening .obj files from untrusted sources until a fix is available. As a temporary workaround, consider restricting the use of the ObjTranslator.exe component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.