SB2020091023 - Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer
Published: September 10, 2020 Updated: October 19, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-6322)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3DM files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
2) Use-after-free (CVE-ID: CVE-2020-6334)
The vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error when parsing SKP
files. A remote attacker can create a specially crafted file, trick the
victim into opening it, trigger a use-after-free error and execute
arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Out-of-bounds write (CVE-ID: CVE-2020-6335)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HPGL files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
4) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6314)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing HPGL files. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
5) Stack-based buffer overflow (CVE-ID: CVE-2020-6359)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PLT files. A remote unauthenticated attacker can create a specially crafted PLT file, trick the victim into opening it, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6344)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing PDF files. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
7) Out-of-bounds write (CVE-ID: CVE-2020-6340)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PCX files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
8) Out-of-bounds write (CVE-ID: CVE-2020-6336)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PCX files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
9) Out-of-bounds write (CVE-ID: CVE-2020-6338)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing RH files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
10) Use-after-free (CVE-ID: CVE-2020-6353)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing SKP files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Out-of-bounds write (CVE-ID: CVE-2020-6331)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HPGL file. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
12) Use-after-free (CVE-ID: CVE-2020-6329)
The vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error when parsing SKP
files. A remote attacker can create a specially crafted file, trick the
victim into opening it, trigger a use-after-free error and execute
arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) Use-after-free (CVE-ID: CVE-2020-6354)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing SKP files. A remote attacker can create a specially crafted SKP file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Out-of-bounds read (CVE-ID: CVE-2020-6345)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing TGA files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
15) Stack-based buffer overflow (CVE-ID: CVE-2020-6355)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing TGA files. A remote unauthenticated attacker can create a specially crafted TGA file, trick the victim into opening it, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Out-of-bounds write (CVE-ID: CVE-2020-6342)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D file. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
17) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6321)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing U3D files within the 3difr plugin. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
18) Buffer overflow (CVE-ID: CVE-2020-6357)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Out-of-bounds write (CVE-ID: CVE-2020-6332)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HPGL files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
20) Buffer overflow (CVE-ID: CVE-2020-6337)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HDR files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Integer overflow (CVE-ID: CVE-2020-6327)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when parsing 3DM files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Out-of-bounds write (CVE-ID: CVE-2020-6361)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing RLE files. A remote attacker can create a specially crafted RLE file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
23) Out-of-bounds read (CVE-ID: CVE-2020-6330)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing 3DM files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
24) Out-of-bounds write (CVE-ID: CVE-2020-6333)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing 3DM file. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
25) Buffer overflow (CVE-ID: CVE-2020-6346)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing BMP files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Buffer overflow (CVE-ID: CVE-2020-6350)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing BMP files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Heap-based buffer overflow (CVE-ID: CVE-2020-6339)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing of BMP files. A remote attacker can create a specially crafted BMP file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Out-of-bounds write (CVE-ID: CVE-2020-6356)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing BMP files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
29) Out-of-bounds write (CVE-ID: CVE-2020-6360)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing DIB files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
30) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6328)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing CGM files. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
31) Buffer overflow (CVE-ID: CVE-2020-6347)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HDR files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Out-of-bounds read (CVE-ID: CVE-2020-6341)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing EPS files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
33) Out-of-bounds write (CVE-ID: CVE-2020-6343)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
34) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6351)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing FBX files. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
35) Untrusted Pointer Dereference (CVE-ID: CVE-2020-6352)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to untrusted pointer dereference error when parsing FBX files. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
36) Out-of-bounds write (CVE-ID: CVE-2020-6358)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing FBX files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
37) Buffer overflow (CVE-ID: CVE-2020-6348)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing GIF files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Buffer overflow (CVE-ID: CVE-2020-6349)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing GIF files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Input validation error (CVE-ID: CVE-2020-6374)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trick a victim to open a specially crafted Jupiter Tessallation(.jt) file and perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2020-6373)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trick a victim to open a specially crafted PDF file and perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2020-6372)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trick a victim to open a specially crafted PDF file and perform a denial of service (DoS) attack.
42) Input validation error (CVE-ID: CVE-2020-6376)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trick a victim to open a specially crafted Right Hemisphere Binary (.rh) file and perform a denial of service (DoS) attack.
43) Input validation error (CVE-ID: CVE-2020-6375)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trick a victim to open a specially crafted Right Computer Graphics Metafile (.cgm) file and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://launchpad.support.sap.com/#/notes/2960815
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
- https://www.zerodayinitiative.com/advisories/ZDI-20-1139/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1145/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1146/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1141/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1170/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1150/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1154/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1159/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1157/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1149/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1142/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1136/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1158/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1160/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1161/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1152/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1140/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1168/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1143/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1155/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1138/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1172/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1135/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1144/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1163/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1167/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1156/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1162/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1171/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1137/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1164/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1153/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1151/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1147/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1148/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1169/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1165/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1166/
- https://launchpad.support.sap.com/#/notes/2973497
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196