CVE-2013-3662
Sketchup MAC Pict Material Palette Stack Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
Timbre SketchUp (anteriormente Google SketchUp) anterior a 8 Maintenance 2 permite a atacantes remotos ejecutar código arbitrario a través de una tabla de la paleta de color en una textura MAC Pict, lo que provoca un desbordamiento de buffer basado en pila.
SketchUp is a 3D modeling program marketed by Google (2011) and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a stack overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-24 CVE Reserved
- 2013-05-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/84720 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html | 2024-08-06 | |
http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Sketchup Search vendor "Google" for product "Sketchup" | <= 8.0 Search vendor "Google" for product "Sketchup" and version " <= 8.0" | maintenance_1 |
Affected
| ||||||
Google Search vendor "Google" | Sketchup Search vendor "Google" for product "Sketchup" | 8.0 Search vendor "Google" for product "Sketchup" and version "8.0" | - |
Affected
|