SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability Identification: - ZDI ID: ZDI-20-1166 - ZDI CAN ID: ZDI-CAN-11289 - CVE ID: CVE-2020-6349 Severity: - CVSS Score: 7.8 - Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Components: - Vendor: SAP - Product: 3D Visual Enterprise Viewer Description: - This vulnerability enables remote attackers to run arbitrary code on the targeted SAP 3D Visual Enterprise Viewer installations. It requires user interaction, as the victim must access a hostile web page or open a compromised file. - The vulnerability is caused by inadequate validation of user-supplied information during the processing of GIF files, potentially leading to memory corruption and enabling the attacker to run code in the context of the current process. Mitigation: - SAP has released an update to address this vulnerability. Additional information is available at: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 Disclosure Timeline: - Reported to Vendor: 2020-07-10 - Public Advisory Release: 2020-09-10 - Advisory Revision: 2021-01-27 Acknowledgment: - Researcher: Francis Provencher (PRL)