Page 2 of 26 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo Enhanced Metafile (.emf, emf.x3d) manipulado recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Right Hemisphere Material (.rhm, rh.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de CATIA5 Part (.catpart, CatiaTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CATPart files. Crafted data in a CATPart file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de CATIA4 Part (.model, CatiaTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. Crafted data in a MODEL file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de CATIA4 Part (.model, CatiaTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. Crafted data in a MODEL file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •