Google SketchUp < 7.1 M2 Remote Code Execution Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a 3-D modeling application that is affected by two
remote code execution vulnerabilities.

Description :

The version of Google SketchUp installed on the remote host is earlier
than 7.1 Maintenance Release 2. Such versions fail to perform adequate
checks when processing data contained in '.SKP' and '.3DS' files,
therefore allowing memory to become corrupted. An attacker can exploit
this issue by providing a specially crafted '.SKP' or '.3DS' file to the
victim that can execute arbitrary code in the context of the
application.

See also :

http://www.nessus.org/u?4c7b37ca
http://www.nessus.org/u?59c67587
http://seclists.org/bugtraq/2010/Jan/85
http://www.coresecurity.com/content/google-sketchup-vulnerability

Solution :

Upgrade to Google SketchUp 7.1 Maintenance Release 2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56980 ()

Bugtraq ID: 35911
37708

CVE ID: CVE-2010-0316
CVE-2010-0280

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now