Memory Corruption Vulnerability in Trimble SketchUp Viewer SKP File Parsing
CVE-2024-9730

7.8HIGH

Key Information:

Vendor: Trimble
Status: Sketchup Viewer
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-9730?

A memory corruption vulnerability exists in the Trimble SketchUp Viewer relating to the parsing of SKP files. This flaw arises due to inadequate validation of user-supplied data, which can lead to a condition allowing attackers to execute arbitrary code. To exploit this vulnerability, user interaction is necessary, as the target must either visit a malicious webpage or open a compromised file. Successful exploitation gives attackers the ability to execute code in the context of the affected process, posing significant security risks to users of the software.

Affected Version(s)

SketchUp Viewer 22.0.316.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1381/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-9730 Data

JSON