CVE-2022-41199

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9

Description The issue is caused by a lack of proper memory management. When a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) received from untrusted sources, it is possible that a Remote Code Execution can be triggered. This can happen when a payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.

Recommendations For SAP 3D Visual Enterprise Viewer version 9, consider avoiding the use of .iv and vrml.x3d files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of such files in the viewer to minimize the risk of exploitation.