
Attack: Trimble Sketchup CVE-2013-3664

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Trimble SketchUp which could result in remote code execution.

Additional Information

Trimble SketchUp is an application for creating, modifying, and sharing 3D models.

Trimble SketchUp is prone to the following vulnerabilities:

1. A remote heap-based buffer-overflow vulnerability exists because it fails to perform adequate checks on user-supplied input when parsing an embedded 'BMP RLE4' compressed texture.

2. A remote stack-based buffer-overflow vulnerability exists because it fails to perform adequate checks on user-supplied input when parsing an embedded 'MACPict' texture.

Specifically, these issues are triggered when Windows Explorer reads the embedded thumbnail in a '.skp' file.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
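The advisory does not say which check SketchUp's 'BMP RLE4' parser omits. As an added illustration (not Trimble's or Symantec's code), this C decoder shows the bounds checks an RLE4 decoder needs on every run, delta and literal block; the function name `rle4_decode` and the 0x7fff size cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode a BMP RLE4 stream into out[w*h], one 4-bit palette index per byte,
 * rows in stream order. The caller zero-fills out. Returns 0 on success,
 * -1 if the stream is truncated or would write outside the w*h image. */
int rle4_decode(const uint8_t *in, size_t in_len,
                uint8_t *out, uint32_t w, uint32_t h)
{
    size_t i = 0;
    uint32_t x = 0, y = 0;                 /* invariant: x <= w and y <= h */

    if (w == 0 || h == 0 || w > 0x7fff || h > 0x7fff)
        return -1;                         /* assumed size cap, keeps w*h small */
    while (in_len - i >= 2) {
        uint8_t n = in[i], v = in[i + 1];
        i += 2;
        if (n > 0) {                       /* encoded run: n pixels, two alternating nibbles */
            if (y >= h || n > w - x)
                return -1;                 /* run would pass the end of the row */
            for (unsigned k = 0; k < n; k++)
                out[(size_t)y * w + x++] = (k & 1) ? (v & 0x0f) : (v >> 4);
        } else if (v == 0) {               /* escape: end of line */
            if (y >= h)
                return -1;
            x = 0;
            y++;
        } else if (v == 1) {               /* escape: end of bitmap */
            return 0;
        } else if (v == 2) {               /* escape: delta, move right dx and down dy */
            if (in_len - i < 2 || in[i] > w - x || in[i + 1] > h - y)
                return -1;
            x += in[i];
            y += in[i + 1];
            i += 2;
        } else {                           /* absolute mode: v literal pixels follow */
            size_t bytes = ((size_t)v + 1) / 2;
            size_t padded = (bytes + 1) & ~(size_t)1;   /* padded to 16 bits */
            if (padded > in_len - i || y >= h || v > w - x)
                return -1;
            for (unsigned k = 0; k < v; k++) {
                uint8_t b = in[i + k / 2];
                out[(size_t)y * w + x++] = (k & 1) ? (b & 0x0f) : (b >> 4);
            }
            i += padded;
        }
    }
    return -1;                             /* no end-of-bitmap marker: truncated */
}
```

The decoder rejects the input as soon as a length taken from the stream disagrees with the declared image size, rather than trusting the stream and clamping afterwards.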

Affected

The following versions are vulnerable:

  • Trimble SketchUp 8 - Maintenance 5
  • Trimble SketchUp 8 - Maintenance 4
  • Trimble SketchUp 8 - Maintenance 3
  • Trimble SketchUp 8 - Maintenance 2
  • Trimble SketchUp 8 - Maintenance 1
  • Trimble SketchUp 8
  • Trimble SketchUp 7.1 - Maintenance 2
  • Trimble SketchUp 7.1 - Maintenance 1
  • Trimble SketchUp 7.1
  • Trimble SketchUp 7 - Maintenance 1
  • Trimble SketchUp Pro 6 - Maintenance 6

Response

Updates are available. Please see the references or vendor advisory for more information.