CVE-2022-41180
📋 TL;DR
This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious PDF file. Attackers can exploit improper memory management in PDFPublishing.dll to trigger stack-based buffer overflows or use dangling pointers. Users of SAP 3D Visual Enterprise Author version 9 who open untrusted PDF files are affected.
💻 Affected Systems
- SAP 3D Visual Enterprise Author
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control of the victim's machine, enabling data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Malicious code execution with the privileges of the user opening the PDF file, potentially leading to data exfiltration, credential theft, or malware installation.
If Mitigated
Limited impact if users only open trusted PDF files and the application runs with minimal privileges, though the vulnerability remains present.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious PDF) and knowledge of memory corruption techniques. No public exploit code has been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply SAP Security Note 3245929
Vendor Advisory: https://launchpad.support.sap.com/#/notes/3245929
Restart Required: Yes
Instructions:
1. Download the patch from SAP Support Portal using Note 3245929.
2. Apply the patch to SAP 3D Visual Enterprise Author version 9.
3. Restart the application and any related services.
🔧 Temporary Workarounds
Restrict PDF file handling
Windows: Configure the system to open PDF files with alternative applications or disable PDF handling in SAP 3D Visual Enterprise Author.
User awareness and file restrictions
All platforms: Train users to only open PDF files from trusted sources and implement file type restrictions.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Run SAP 3D Visual Enterprise Author with minimal user privileges and in isolated environments
🔍 How to Verify
Check if Vulnerable:
Check if SAP 3D Visual Enterprise Author version 9 is installed without Security Note 3245929 applied
Check Version:
Check application version through SAP GUI or system properties
Verify Fix Applied:
Verify that Security Note 3245929 has been successfully applied through SAP's patch management system
📡 Detection & Monitoring
Log Indicators:
- Application crashes related to PDFPublishing.dll
- Unusual process creation from SAP 3D Visual Enterprise Author
Network Indicators:
- Unexpected outbound connections from systems running the vulnerable software
SIEM Query:
Process creation where parent process contains 'SAP 3D Visual Enterprise Author' and child process is unusual for the environment
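
The log indicators and SIEM query above, expressed as an added Python example (not part of the original advisory or of any SAP tooling). It assumes events have already been normalized into dictionaries; the field names, host names, file paths, executable name `PLACEHOLDER.exe` and the `EXPECTED_CHILDREN` baseline are constructed for illustration.

```python
import ntpath  # parses Windows paths regardless of the analysis host's OS

PARENT_MARKER = "sap 3d visual enterprise author"  # substring from the SIEM query
FAULT_MODULE = "pdfpublishing.dll"                 # module named in the advisory
EXPECTED_CHILDREN = {"werfault.exe", "splwow64.exe"}  # hypothetical site baseline

def classify(ev):
    """Return (indicator, detail) for one normalized event, or None."""
    if ev["kind"] == "app_crash":
        module = ntpath.basename(ev.get("faulting_module", "")).lower()
        if module == FAULT_MODULE:
            return ("crash", module)
    elif ev["kind"] == "process_create":
        child = ntpath.basename(ev.get("image", "")).lower()
        if PARENT_MARKER in ev.get("parent_image", "").lower() \
                and child not in EXPECTED_CHILDREN:
            return ("child", child)
    return None

def triage(events):
    """Group hits per host; a host showing both indicators is rated high."""
    per_host = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            per_host.setdefault(ev["host"], []).append(hit)
    report = {}
    for host, hits in per_host.items():
        kinds = {k for k, _ in hits}
        severity = "high" if kinds == {"crash", "child"} else "medium"
        report[host] = (severity, sorted(d for _, d in hits))
    return report

# Constructed sample events (placeholder paths and host names).
APP = r"C:\Program Files\SAP\SAP 3D Visual Enterprise Author\PLACEHOLDER.exe"
SAMPLE_EVENTS = [
    {"kind": "app_crash", "host": "WS-01",
     "faulting_module": r"C:\Program Files\SAP\PLACEHOLDER\PDFPublishing.dll"},
    {"kind": "process_create", "host": "WS-01", "parent_image": APP,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"kind": "process_create", "host": "WS-02", "parent_image": APP,
     "image": r"C:\Windows\splwow64.exe"},
    {"kind": "app_crash", "host": "WS-03",
     "faulting_module": r"C:\Windows\System32\ntdll.dll"},
    {"kind": "app_crash", "host": "WS-04",
     "faulting_module": r"C:\Program Files\SAP\PLACEHOLDER\PDFPublishing.dll"},
]

if __name__ == "__main__":
    for host, (sev, details) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, sev, details)
```

The child-process baseline has to be built from what the application normally spawns in your environment before the rule is useful.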