PT-2022-25689 · Sap+1 · Sap 3D Visual Enterprise Author+1
Published
2022-10-11
·
Updated
2023-07-10
·
CVE-2022-41167
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP 3D Visual Enterprise Author version 9
Description
The issue arises due to inadequate memory management. When a manipulated AutoCAD (.dwg) file from untrusted sources is opened in SAP 3D Visual Enterprise Author, it can trigger Remote Code Execution. This occurs when the payload forces a stack-based overflow or reuses a dangling pointer referring to overwritten memory space.
Recommendations
For SAP 3D Visual Enterprise Author version 9, consider avoiding the use of
TeighaTranslator.exe for parsing .dwg files until a patch is available. As a temporary workaround, restrict the opening of .dwg files from untrusted sources to minimize the risk of exploitation.Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Autocad
Sap 3D Visual Enterprise Author