CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39804 – SAP 3D Visual Enterprise Author SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-39804
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de SolidWorks Part (.sldprt, CoreCadTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41184 – SAP 3D Visual Enterprise Author CUR File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41184
Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de una administración apropiada de la memoria, cuando una víctima abre un archivo Windows Cursor File manipulado (.cur, ico.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerce un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que haga referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CUR files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39805 – SAP 3D Visual Enterprise Author CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-39805
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Computer Graphics Metafile (.cgm, CgmTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. Crafted data in a CGM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41179 – SAP 3D Visual Enterprise Author JT File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41179
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado de Jupiter Tesselation (.jt, JtTranslator.exe) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso del puntero colgante que hace referencia a un espacio sobrescrito en la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41185
https://notcve.org/view.php?id=CVE-2022-41185
Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Visual Design Stream (.vds, MataiPersistence.dll) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versión 9, es posible que sea desencadenada una Ejecución de Código Remota cuando la carga útil fuerza un desbordamiento en la región stack de la memoria o un reúso de puntero colgante que hace referencia a un espacio sobrescrito en la memoria • https://launchpad.support.sap.com/#/notes/3245929 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •