Google SketchUp '.SKP' File Remote Code Execution Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with Google SketchUp and is prone to to remote code execution vulnerability.

Impact

Successful exploitation could allow attackers to cause SketchUp to exit unexpectedly and execute arbitrary code by tricking a user into opening a specially crafted '.SKP' file. Impact Level: System/Application

Solution

Upgrade to Google SketchUp version 8.0 or later, For updates refer to http://sketchup.google.com/download/index2.html

Insight

The flaw is due to an error when handling certain types of invalid edge geometry in a specially crafted SketchUp (.SKP) file.

Affected

Google SketchUp version 7.1 Maintenance Release 2 and prior on Mac OS X

References

http://secunia.com/advisories/38187
http://technet.microsoft.com/en-us/security/msvr/msvr11-006
http://xforce.iss.net/xforce/xfdb/68147

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2478

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)

Take action and discover your vulnerabilities