Lucene search
SapCVELIST:CVE-2022-41177HistoryOct 11, 2022 - 12:00 a.m.
CVE-2022-41177
2022-10-1100:00:00
CWE-787
CWE-119
sap
www.cve.org
sap 3d visual enterprise author
memory management vulnerability
iges file
remote code execution
stack-based overflow
0.002 Low
EPSS
Percentile
52.8%
Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP 3D Visual Enterprise Author",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "9"
}
]
}
]Related
cnvd
cnvd
SAP 3D Visual Enterprise Author .igs Buffer Overflow Vulnerability
2022-10-13 00:00:00
prion
prion
Stack overflow
2022-10-11 21:15:00
zdi
zdi
nvd
nvd
CVE-2022-41177
2022-10-11 21:15:18
cve
cve
CVE-2022-41177
2022-10-11 21:15:18