Login Sign Up

CVE-2022-41185

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in SAP 3D Visual Enterprise Author allows remote code execution when a user opens a malicious Visual Design Stream (.vds) file. Attackers can exploit improper memory management to trigger stack-based buffer overflows or use dangling pointers. Users of SAP 3D Visual Enterprise Author version 9 are affected.

💻 Affected Systems

Products:
  • SAP 3D Visual Enterprise Author
Versions: Version 9
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open a malicious .vds file. The vulnerability is in MataiPersistence.dll.

📦 What is this software?

3d Visual Enterprise Author by Sap

View all CVEs affecting 3d Visual Enterprise Author →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the victim's system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Malicious code execution in the context of the current user, allowing file system access, credential harvesting, and installation of backdoors or malware.

🟢

If Mitigated

No impact if users don't open untrusted .vds files or if the application is patched.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). The CWE-119 classification indicates improper memory handling vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3245929

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3245929

Restart Required: Yes

Instructions:

1. Download the patch from SAP Support Portal using Note 3245929. 2. Apply the patch to SAP 3D Visual Enterprise Author version 9. 3. Restart the application and any related services.

🔧 Temporary Workarounds

Block .vds file extensions

all

Prevent opening of .vds files at the system or email gateway level

User awareness training

all

Train users not to open .vds files from untrusted sources

🧯 If You Can't Patch

  • Restrict user permissions to limit potential damage from exploitation
  • Implement application whitelisting to prevent unauthorized executables from running

🔍 How to Verify

Check if Vulnerable:

Check if SAP 3D Visual Enterprise Author version 9 is installed without SAP Security Note 3245929 applied

Check Version:

Check application About dialog or installation directory for version information

Verify Fix Applied:

Verify that SAP Security Note 3245929 is applied and the application version shows the patch is installed

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening .vds files
  • Unusual process creation from SAP 3D Visual Enterprise Author

Network Indicators:

  • Downloads of .vds files from untrusted sources
  • Outbound connections from the application to suspicious IPs

SIEM Query:

Process creation where parent process is SAP 3D Visual Enterprise Author and child process is cmd.exe, powershell.exe, or other suspicious executables

📊 Metadata

CVE ID: CVE-2022-41185
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: October 11, 2022
Last Updated: February 25, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-41185, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)