Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-88950
HistoryOct 13, 2022 - 12:00 a.m.

SAP 3D Visual Enterprise Viewer .cgm buffer overflow vulnerability

2022-10-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
sap
3d
visual
enterprise
viewer
buffer overflow
vulnerability
memory management
exploit
remote code execution
.cgm
cgmcore.dll
attack
security

EPSS

0.002

Percentile

61.2%

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP (Germany). The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces.SAP 3D Visual Enterprise Viewer versions prior to 9.0 suffer from a buffer overflow vulnerability that stems from a lack of proper memory management and can be exploited by attackers via specially crafted files (.cgm, CgmCore.dll) to remotely execute code when the payload forces stack-based overflow or reuse a dangling pointer to an overwritten space in memory to remotely execute code.

EPSS

0.002

Percentile

61.2%

Related for CNVD-2022-88950