CVE-2022-32242
SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Cuando un usuario abre archivos manipulados Radiance Picture (.hdr, hdr.x3d) recibidos de fuentes no confiables en SAP 3D Visual Enterprise Viewer, la aplicaciĆ³n es bloqueada y deja de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicaciĆ³n
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-02 CVE Reserved
- 2022-06-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2022-06-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | 3d Visual Enterprise Viewer Search vendor "Sap" for product "3d Visual Enterprise Viewer" | <= 9.0 Search vendor "Sap" for product "3d Visual Enterprise Viewer" and version " <= 9.0" | - |
Affected
|