CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27586 – SAP 3D Visual Enterprise Viewer IFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27586
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Interchange File Format (.IFF) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-315 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27587 – SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27587
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Jupiter Tessellation (.JT) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-310 https://www.zerodayinitiative.com/advisories/ZDI-21-312 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27591 – SAP 3D Visual Enterprise Viewer PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27591
When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Portable Document Format (.PDF) manipulados recibidos desde fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-298 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27589 – SAP 3D Visual Enterprise Viewer SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27589
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Scalable Vector Graphics (.SVG) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-306 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27585 – SAP 3D Visual Enterprise Viewer CGM File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27585
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre archivos de formato Computer Graphics Metafile (.CGM) manipulados recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer versión 9, la aplicación se bloquea y deja de estar disponible temporalmente para el usuario hasta que se reinicia la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3027758 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://www.zerodayinitiative.com/advisories/ZDI-21-288 https://www.zerodayinitiative.com/advisories/ZDI-21-299 •