Google SketchUp '.SKP' File Remote Code Execution Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Google SketchUp and is prone to to remote code execution vulnerability.

Impact

Successful exploitation could allow attackers to cause SketchUp to exit unexpectedly and execute arbitrary code by tricking a user into opening a specially crafted '.SKP' file. Impact Level: System/Application

Solution

Upgrade to Google SketchUp version 8.0 or later, For updates refer to http://sketchup.google.com/download/index2.html

Insight

The flaw is due to an error when handling certain types of invalid edge geometry in a specially crafted SketchUp (.SKP) file.

Affected

Google SketchUp version 7.1 Maintenance Release 2 and prior on Windows

References

http://secunia.com/advisories/38187
http://technet.microsoft.com/en-us/security/msvr/msvr11-006
http://xforce.iss.net/xforce/xfdb/68147

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2478

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Windows

Take action and discover your vulnerabilities