Google SketchUp < 8.0 SKP File Malformed Edge Geometry Handling Remote Code Execution

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a 3-D modeling application that is affected by a
remote code execution vulnerability.

Description :

The version of Google SketchUp installed on the remote Windows host is
earlier than 8.0. It thus reportedly fails to handle certain types of
invalid geometry described in '.SKP' files and is affected by a buffer
overflow vulnerability. An attacker can exploit this issue by providing
a specially crafted '.SKP' file to the victim that can execute arbitrary
code in the context of the application.

See also :

http://www.nessus.org/u?59c67587

Solution :

Upgrade to Google SketchUp 8.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 56713 ()

Bugtraq ID: 48363

CVE ID: CVE-2011-2478

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now