Out-Of-Bounds Read Vulnerability in Trimble SketchUp Viewer
CVE-2024-9718

7.8 HIGH

Key Information:

Vendor: Trimble
CVE Published: 22 November 2024

What is CVE-2024-9718?

Trimble SketchUp Viewer contains a vulnerability in its SKP file parsing that allows an out-of-bounds read and can potentially enable remote code execution. The flaw arises from insufficient validation of user-supplied data, which can result in a read past the end of an allocated memory buffer. Exploitation requires user interaction: the target must either visit a malicious webpage or open a specially crafted SKP file designed to trigger the vulnerability. An attacker who succeeds could execute arbitrary code with the permissions of the current process, which underlines the importance of secure file handling in software applications.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published