|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
3D Visual Enterprise Viewer
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 20131. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
06/30/2015 - Disclosed vulnerability reports to vendor
-- Vendor Response:
On 2/26/2016 SAP notified ZDI of the following available updates:
2281195 <https://service.sap.com/sap/support/notes/2281195> - Potential remote termination of running processes in SAP Visual Enterprise Author, Generator and Viewer
An attacker can remotely exploit SAP Visual Enterprise Author, Generator and Viewer version 8.0, which may lead to application termination.
Customers are advised to apply Note 2281195 <https://service.sap.com/sap/support/notes/2281195> immediately. We would like to remind our customers to secure SAP systems by installing all available security patches. You can find security notes and patches in the SAP Support Portal here <https://support.sap.com/securitynotes>.
|CREDIT||Steven Seeley of Source Incite|