cnvd / China National Vulnerability Database / CNVD-2022-88957
History: Oct 13, 2022 - 12:00 a.m.

SAP 3D Visual Enterprise Viewer .jt Buffer Overflow Vulnerability

2022-10-13 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
sap 3d visual enterprise viewer
buffer overflow
vulnerability
memory management
remote code execution
.jt
jtreader.x3d
stack-based overflow
dangling pointer
memory overwrite

EPSS: 0.002 (Low), Percentile: 58.9%

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP (Germany). The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces.

SAP 3D Visual Enterprise Viewer versions prior to 9.0 suffer from a buffer overflow vulnerability that stems from a lack of proper memory management. Attackers can exploit it via specially crafted files (.jt, JTReader.x3d) to remotely execute code when the payload forces a stack-based overflow or the reuse of a dangling pointer to an overwritten space in memory.

CPE    Name                               Operator    Version
       sap 3d visual enterprise viewer    lt          9.0
