CVE-2022-41166 – SAP 3D Visual Enterprise Author OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-41166
Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de Wavefront Object (.obj, ObjTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. Crafted data in an OBJ file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-41167 – SAP 3D Visual Enterprise Author DWG File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41167
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de AutoCAD (.dwg, TeighaTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-41191 – SAP 3D Visual Enterprise Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41191
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de una administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Jupiter Tesselation (.jt, JTReader.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245928 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-39803 – SAP 3D Visual Enterprise Author SAT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-39803
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado ACIS Part and Assembly (.sat, CoreCadTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SAT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-41197 – SAP 3D Visual Enterprise Viewer WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41197
Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo VRML Worlds manipulado (.wrl, vrml.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9, es posible que la aplicación sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicación This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WRL files. Crafted data in a WRL file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245928 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •