CVE-2022-41191: 
SAP 3D Visual Enterprise Viewer vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-41191) was discovered in SAP 3D Visual Enterprise Viewer, specifically in the parsing of Jupiter Tesselation (.jt, JTReader.x3d) files. The vulnerability was reported on July 22, 2022, and publicly disclosed on November 3, 2022. This security flaw affects installations of SAP 3D Visual Enterprise Viewer and requires user interaction for exploitation (ZDI Advisory).

The vulnerability stems from the lack of proper validation of object existence before performing operations on the object during JT file parsing. It has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with local attack vector, low attack complexity, no privileges required, and user interaction required. The vulnerability is classified under CWE-119, which relates to buffer overflow issues (ZDI Advisory, NVD Report).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

SAP has released an update to address this vulnerability. Users are advised to apply the security patch provided by SAP to protect their systems (ZDI Advisory).