SAP 3D Visual Enterprise Viewer .svg buffer overflow vulnerability

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP (Germany). The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. buffer overflow vulnerability in SAP 3D Visual Enterprise Viewer versions prior to 9.0, which stems from a lack of proper memory management, can be exploited by an attacker via specially crafted files (.svg, svg.x3d) to remotely execute code when the payload forces a stack-based overflow or reuse a dangling pointer to an overwritten space in memory to remotely execute code.