CVE-2022-41170

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Author version 9

Description The issue arises due to improper memory management. When a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file from untrusted sources, it can trigger Remote Code Execution. This occurs when the payload forces a stack-based overflow or reuses a dangling pointer referring to overwritten space in memory.

Recommendations For SAP 3D Visual Enterprise Author version 9, avoid opening CATIA4 Part (.model, CatiaTranslator.exe) files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the CatiaTranslator.exe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.