CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27593
https://notcve.org/view.php?id=CVE-2021-27593
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos manipulados de Graphics Interchange Format (.GIF) recibidos de fuentes que no son confiables en SAP 3D Visual Enterprise Viewer, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicie la aplicación • https://launchpad.support.sap.com/#/notes/3035472 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27592 – SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27592
When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos Universal 3D (.U3D) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027767 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-311 https://www.zerodayinitiative.com/advisories/ZDI-21-313 https://www.zerodayinitiative.com/advisories/ZDI-21-314 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27590 – SAP 3D Visual Enterprise Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27590
When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos Tag Image File Format (.TIFF) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-294 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27584
https://notcve.org/view.php?id=CVE-2021-27584
When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato PhotoShop Document (.PSD) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27588 – SAP 3D Visual Enterprise Viewer HPGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27588
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato HPGL manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HPGL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-292 •