CVE-2022-39804 in 3D Visual Enterprise Author
Summary
by MITRE • 10/12/2022
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/02/2026
The vulnerability identified as CVE-2022-39804 represents a critical memory safety issue within SAP 3D Visual Enterprise Author version 9, specifically affecting the handling of manipulated SolidWorks Part files with the .sldprt extension. This flaw exists in the CoreCadTranslator.exe component that processes these file formats, creating a dangerous attack surface where untrusted input can lead to arbitrary code execution. The vulnerability stems from inadequate memory management practices that fail to properly validate or sanitize file contents before processing, allowing malicious actors to craft specially crafted files that exploit fundamental memory corruption mechanisms.
The technical exploitation of this vulnerability relies on stack-based buffer overflow conditions or dangling pointer reuse attacks that occur when the application attempts to process malformed SolidWorks Part files. When a victim opens such a manipulated file, the CoreCadTranslator.exe module fails to properly manage memory allocations and deallocations, creating opportunities for attackers to overwrite critical memory regions or reference freed memory locations. This memory corruption enables attackers to control program execution flow and potentially execute malicious code with the privileges of the affected application. The vulnerability specifically targets the memory management subsystem where file parsing operations occur, making it particularly dangerous as it can be triggered through simple file opening operations without requiring complex user interaction beyond the initial file access.
The operational impact of this vulnerability extends beyond simple remote code execution to encompass complete system compromise and potential lateral movement within enterprise networks. Organizations using SAP 3D Visual Enterprise Author version 9 face significant risk when processing files from untrusted sources, as the attack vector requires minimal user interaction and can be delivered through standard file sharing mechanisms. The vulnerability aligns with CWE-121 stack-based buffer overflow and CWE-416 use after free conditions, both of which are classified as high-risk memory safety issues in the Common Weakness Enumeration catalog. Attackers leveraging this vulnerability could gain persistent access to systems, escalate privileges, and potentially establish backdoors for continued unauthorized access.
Mitigation strategies for CVE-2022-39804 should prioritize immediate patching of SAP 3D Visual Enterprise Author to the latest secure versions that address the memory management flaws in CoreCadTranslator.exe. Organizations must implement strict file validation policies that prevent automatic processing of untrusted SolidWorks files, particularly those received through email attachments or file sharing systems. Network segmentation and application whitelisting can provide additional defense layers by restricting which systems can process 3D model files and limiting the potential impact of successful exploitation. Security teams should also monitor for suspicious file access patterns and implement automated threat detection systems that can identify attempts to exploit memory corruption vulnerabilities in CAD and visualization software. The ATT&CK framework categorizes this vulnerability under T1203 Exploitation for Client Execution and T1059 Command and Scripting Interpreter, emphasizing the need for comprehensive endpoint protection and user behavior monitoring to detect and prevent exploitation attempts.