Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. When the application receives Enhanced Metafile file, it checks the “MD5 fingerprint” of the incoming file and if it does not match the MD5 fingerprint stored in its file system, the application aborts the import process and displays an appropriate error message. The MD5 fingerprint of Enhanced Metafile is calculated using the following algorithm: MD5(“STUFF YOU SHOULD NOT SHARE>”)
Vulnerability Characterization
The vulnerability exists in the parsing of Enhanced Metafile (.emf, emf.x3d) files received from untrusted sources by SAP 3D Visual Enterprise Author - version 9 which makes it possible for an attacker to crash the application by opening a manipulated file, and make SAP 3D Visual Enterprise Author - version 9 temporarily unavailable to the user until restart of the application.
Potential Impact
The potential impact is that a user may be unable to access the application for an extended period of time, which could cause them to lose data and/or execute commands.
To avoid this issue, it is recommended that Enhanced Metafile files not coming from untrusted sources are not used in SAP 3D Visual Enterprise Author - version 9.
References:
- http://support.sap.com/domestic/security/hc/en-us/d04a1f3a-4b0e-11e6-8f7e-00505600009a
- https://www.sap.com/solutions/enterprise-author (version 9)
"The MD5 fingerprint of Enhanced Metafile is calculated using the following algorithm:"
Timeline
Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 19:56:00 UTC