PT-2022-25700 · Sap · Sap 3D Visual Enterprise Author
Published
2022-10-11
·
Updated
2023-07-10
·
CVE-2022-41177
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP 3D Visual Enterprise Author version 9
Description
The issue arises due to improper memory management when handling manipulated Iges Part and Assembly files. This can lead to a Remote Code Execution when a payload forces a stack-based overflow or reuses a dangling pointer referring to overwritten memory space.
Recommendations
For SAP 3D Visual Enterprise Author version 9, consider avoiding the use of CoreCadTranslator.exe for handling .igs and .iges files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of such files to minimize the risk of exploitation.
Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap 3D Visual Enterprise Author