CVE-2022-41180

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Author version 9

Description The issue is caused by a lack of proper memory management. When a victim opens a manipulated Portable Document Format (.pdf) file received from untrusted sources, it is possible that a Remote Code Execution can be triggered. This occurs when the payload forces a stack-based overflow or a re-use of a dangling pointer, which refers to overwritten space in memory. The PDFPublishing.dll is involved in this process.

Recommendations For SAP 3D Visual Enterprise Author version 9, consider avoiding the use of the PDFPublishing.dll until a patch is available. As a temporary workaround, restrict the opening of .pdf files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.