CVE-2015-8028 – SAP 3D Visual Enterprise Viewer Flic Animation Heap Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-8028

Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. Múltiples desbordamientos de buffer en SAP 3D Visual Enterprise Viewer (VEV) permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado (1) 3DM o (2) Flic Animation This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Flic Animation documents. With a specially crafted Flic document, an attacker can trigger a heap buffer overflow condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. • http://www.zerodayinitiative.com/advisories/ZDI-15-526 http://www.zerodayinitiative.com/advisories/ZDI-15-531 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •