Remote Code Execution Vulnerability in Timbre SketchUp by Google
CVE-2013-3662

Currently unrated

Key Information:

Vendor: Google
Status: Sketchup
Vendor: CVE Published:; 1 July 2014

Summary

Timbre SketchUp, prior to the 8 Maintenance 2 version, contains a vulnerability that allows remote attackers to execute arbitrary code. This is achieved through a specially crafted color palette table, which triggers a stack-based buffer overflow when processed by the software. This vulnerability poses serious risks, as it could allow unauthorized users to gain control over affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84720

vdb-entryx_refsource_XF

http://blog.binamuse.com/2013/05/multiple-vulnerabilities...

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2013-06/00...

mailing-listx_refsource_BUGTRAQ

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
May 24, 2013