Note:
This project will be discontinued after December 13, 2021. [more]
Product:
3d_visual_enterprise_viewer
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 131 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-11 | CVE-2022-41195 | Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 3d_visual_enterprise_viewer | 7.8 | ||
| 2022-10-11 | CVE-2022-41196 | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 3d_visual_enterprise_viewer | 7.8 | ||
| 2022-10-11 | CVE-2022-41197 | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 3d_visual_enterprise_viewer | 7.8 | ||
| 2022-10-11 | CVE-2022-41198 | Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 3d_visual_enterprise_viewer | 7.8 | ||
| 2022-10-11 | CVE-2022-41200 | Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 3d_visual_enterprise_viewer | 7.8 | ||
| 2022-11-08 | CVE-2022-41211 | Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random,... | 3d_visual_enterprise_author, 3d_visual_enterprise_viewer | 7.8 | ||
| 2016-02-22 | CVE-2016-2536 | Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | Sketchup, 3d_visual_enterprise_viewer | 8.8 | ||
| 2015-10-30 | CVE-2015-8030 | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | 3d_visual_enterprise_viewer | N/A | ||
| 2015-10-30 | CVE-2015-8029 | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | 3d_visual_enterprise_viewer | N/A | ||
| 2015-10-30 | CVE-2015-8028 | Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | 3d_visual_enterprise_viewer | N/A |