Google SketchUp < 13.0.3689 SKP Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

A 3-D modeling application on the remote Windows host is affected by
multiple buffer overflow vulnerabilities.

Description :

The version of Google SketchUp installed on the remote Windows host is
earlier than 13.0.3689. As such, it reportedly is affected by multiple
buffer overflows related to the handling of '.SKP' files. Specially
crafted files containing BMP RLE4 compressed textures or MAC Pict
textures can cause the application to crash or execute arbitrary code.

See also :

http://www.nessus.org/u?32c70014
http://www.binamuse.com/advisories/BINA-20130521A.txt
http://www.binamuse.com/advisories/BINA-20130521B.txt

Solution :

Upgrade to Trimble SketchUp 2013 (13.0.3689) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66926 ()

Bugtraq ID: 60248
68451

CVE ID: CVE-2013-3664
CVE-2013-7388

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now