SAP 3D Visual Enterprise Viewer .eps Buffer Overflow Vulnerability

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP (Germany). The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces.SAP 3D Visual Enterprise Viewer versions prior to 9.0 suffer from a buffer overflow vulnerability that stems from a lack of proper memory management and can be exploited by attackers via specially crafted files (.eps, ai.x3d) to remotely execute code when the payload forces a stack-based overflow or reuse a dangling pointer to an overwritten space in memory to remotely execute code.