PT-2022-25732 · Sap · Sap 3D Visual Enterprise Viewer+1
Published
2022-11-08
·
Updated
2023-07-10
·
CVE-2022-41211
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP 3D Visual Enterprise Author (affected versions not specified)
SAP 3D Visual Enterprise Viewer (affected versions not specified)
Description
The issue is caused by a lack of proper memory management. When a victim opens a manipulated file from untrusted sources in SAP 3D Visual Enterprise Author or SAP 3D Visual Enterprise Viewer, arbitrary code execution can be triggered. This occurs when a payload forces the re-use of a dangling pointer that refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. The memory overwritten is random, based on access rights of the memory, making repeated success unlikely. A stack-based buffer overflow is also involved.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap 3D Visual Enterprise Author
Sap 3D Visual Enterprise Viewer