Remote Code Execution Vulnerability in Trimble SketchUp Viewer
CVE-2024-9715

7.8HIGH

Key Information:

Vendor: Trimble
Status: Sketchup Viewer
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-9715?

This vulnerability in Trimble SketchUp Viewer permits remote code execution through improper handling of SKP file parsing. The flaw arises when the application fails to validate the existence of an object before performing operations, enabling an attacker to exploit this weakness by prompting a user to either visit a malicious webpage or open a compromised file. Successful exploitation results in the execution of arbitrary code within the context of the application, potentially compromising the system's security.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1376/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024