Google SketchUp '.SKP' File Memory Corruption Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Google SketchUp and is prone to to memory corruption vulnerability.

Impact

Successful exploitation will allow the attacker to execute arbitrary code in the context of the user running the application which can compromise the application and possibly the system. Impact Level: System/Application

Solution

Upgrade to Google SketchUp version 8 Maintenance Release 3 or later, For updates refer to http://sketchup.google.com/download/index2.html

Insight

SketchUp fails to parse specially crafted SketchUp document (SKP) files and can be exploited to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.

Affected

Google SketchUp version 8 Maintenance Release 2 and prior on Windows

References

http://secunia.com/advisories/50663
http://technet.microsoft.com/en-us/security/msvr/msvr12-015
http://www.osvdb.org/85570

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4894

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Windows)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe Air Multiple Vulnerabilities - November12 (Windows)

Take action and discover your vulnerabilities