Google SketchUp < 8.0 SKP File Malformed Edge Geometry Handling Remote Code Execution
High Nessus Plugin ID 56713
SynopsisThe remote host has a 3-D modeling application that is affected by a remote code execution vulnerability.
DescriptionThe version of Google SketchUp installed on the remote Windows host is earlier than 8.0. It thus reportedly fails to handle certain types of invalid geometry described in '.SKP' files and is affected by a buffer overflow vulnerability. An attacker can exploit this issue by providing a specially crafted '.SKP' file to the victim that can execute arbitrary code in the context of the application.
SolutionUpgrade to Google SketchUp 8.0 or later.