Vulnerabilities > CVE-2022-41170 - Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
sap
CWE-787

Summary

Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.

Vulnerable Configurations

Part Description Count
Application
Sap
1

Common Weakness Enumeration (CWE)