CVE-2022-41190

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9

Description The issue arises due to improper memory management. When a manipulated AutoCAD (.dxf) file from untrusted sources is opened in the viewer, it can trigger Remote Code Execution. This occurs when the payload forces a stack-based overflow or reuses a dangling pointer referring to overwritten memory space.

Recommendations For SAP 3D Visual Enterprise Viewer version 9, consider avoiding the use of the TeighaTranslator.exe component when handling .dxf files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of .dxf files to only those from trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.