VDB
CVE-2022-41186
CVE-2022-41186
PUBLISHED
Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory.
EPSS 1.77% · 83.0th percentile
Risk Scores
EPSS Score
1.77%
83.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP 3D Visual Enterprise Viewer | 9 |
| sap | 3d_visual_enterprise_viewer | 0 |
Timeline
- Oct 11, 2022 CVE Published
- Oct 12, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Feb 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 20, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Dec 26, 2023 EPSS Score
- Feb 8, 2024 EPSS Score