CVE-2015-8029
SAP 3D Visual Enterprise Viewer Filmbox document Memory Corruption Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
SAP 3D Visual Enterprise Viewer (VEV) permite a atacantes remotos ejecutar código arbitrario a través de un documento Filmbox manipulado, lo que desencadena corrupción de memoria.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Filmbox documents. With a specially crafted Filmbox document, an attacker can trigger a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-20 CVE Published
- 2015-10-30 CVE Reserved
- 2024-09-17 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-532 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | 3d Visual Enterprise Viewer Search vendor "Sap" for product "3d Visual Enterprise Viewer" | * | - |
Affected
| ||||||