Trimble Sketchup CVE-2013-3664 Stack Based Buffer Overflow Vulnerability

Trimble SketchUp is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

The following versions are vulnerable:

Trimble SketchUp 8 - Maintenance 5
Trimble SketchUp 8 - Maintenance 4
Trimble SketchUp 8 - Maintenance 3
Trimble SketchUp 8 - Maintenance 2
Trimble SketchUp 8 - Maintenance 1
Trimble SketchUp 8
Trimble SketchUp 7.1 - Maintenance 2
Trimble SketchUp 7.1 - Maintenance 1
Trimble SketchUp 7.1
Trimble SketchUp 7 - Maintenance 1
Trimble SketchUp Pro 6 - Maintenance 6

Note 1: The issue described by CVE-2013-7388 has been moved to BID 68451 (paintlib CVE-2013-7388 Heap Based Buffer Overflow Vulnerability) for better documentation.

Note 2: This issue was previously titled 'Trimble Sketchup CVE-2013-3664 Multiple Buffer Overflow Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected.


Copyright 2010, SecurityFocus