What is CVE-2022-41211?

CVE-2022-41211 is a vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer that allows Arbitrary Code Execution when opening manipulated files from untrusted sources.

How does CVE-2022-41211 work?

CVE-2022-41211 occurs due to a lack of proper memory management, which leads to the re-use of a dangling pointer that refers to overwritten data, enabling Arbitrary Code Execution.

What is the severity of CVE-2022-41211?

CVE-2022-41211 has a severity rating of 7.8, classified as high.

Which software versions are affected by CVE-2022-41211?

SAP 3D Visual Enterprise Author version 9 and SAP 3D Visual Enterprise Viewer version 9 are affected by CVE-2022-41211.

How can I fix CVE-2022-41211?

To mitigate CVE-2022-41211, it is recommended to apply the necessary patches and updates provided by SAP. Please refer to the official SAP notes and documentation for detailed instructions.

Vulnerability/
CVE-2022-41211

high

7.8

CWE

119 787

8/11/2022

10/7/2023

CVE-2022-41211: Buffer Overflow

First published: Tue Nov 08 2022(Updated: )

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP 3D Visual Enterprise Author	=9
SAP 3D Visual Enterprise Viewer	=9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-41211?
CVE-2022-41211 is a vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer that allows Arbitrary Code Execution when opening manipulated files from untrusted sources.
How does CVE-2022-41211 work?
CVE-2022-41211 occurs due to a lack of proper memory management, which leads to the re-use of a dangling pointer that refers to overwritten data, enabling Arbitrary Code Execution.
What is the severity of CVE-2022-41211?
CVE-2022-41211 has a severity rating of 7.8, classified as high.
Which software versions are affected by CVE-2022-41211?
SAP 3D Visual Enterprise Author version 9 and SAP 3D Visual Enterprise Viewer version 9 are affected by CVE-2022-41211.
How can I fix CVE-2022-41211?
To mitigate CVE-2022-41211, it is recommended to apply the necessary patches and updates provided by SAP. Please refer to the official SAP notes and documentation for detailed instructions.

collector/nvd-index
vendor/sap
canonical/sap 3d visual enterprise author
version/sap 3d visual enterprise author/9
canonical/sap 3d visual enterprise viewer
version/sap 3d visual enterprise viewer/9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.