PT-2022-25724 · Sap · Sap 3D Visual Enterprise Viewer

Published: 2022-10-11 · Updated: 2023-07-10 · CVE-2022-41201

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP 3D Visual Enterprise Viewer version 9

Description

The issue is caused by a lack of proper memory management. When a victim opens a manipulated Right Hemisphere Binary (.rh, .x3d) file from an untrusted source, it can trigger remote code execution. This happens when the payload forces a stack-based overflow or the re-use of a dangling pointer that refers to overwritten space in memory.

Recommendations

For SAP 3D Visual Enterprise Viewer version 9, consider avoiding the use of .rh and .x3d files from untrusted sources until a fix is available. As a temporary workaround, restrict the opening of these file types to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-41201

Affected Products

Sap 3D Visual Enterprise Viewer