CVE-2022-41195

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9

Description The issue is related to a memory corruption vulnerability that can be triggered by opening specially crafted files in the SAP 3D Visual Enterprise Viewer. This can lead to remote code execution when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources. The vulnerability is caused by a lack of proper memory management, which can result in a stack-based overflow or the re-use of a dangling pointer that refers to overwritten space in memory.

Recommendations For SAP 3D Visual Enterprise Viewer version 9, avoid opening files from untrusted sources, especially those in .iff, 2d.x3d formats, until a patch is available. As a temporary workaround, consider restricting access to the file parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.