All the vulnerabilites related to Trimble - SketchUp Viewer
cve-2024-9726
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1475/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:55.440-05:00",
"datePublic": "2024-11-12T16:21:28.840-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24110."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:57.381Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1475",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1475/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9726",
"datePublished": "2024-11-22T20:51:57.381Z",
"dateReserved": "2024-10-09T19:38:55.419Z",
"dateUpdated": "2024-11-22T20:51:57.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9729
Vulnerability from cvelistv5
Published
2024-11-22 20:52
Modified
2024-11-22 20:52
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1380/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:39:09.999-05:00",
"datePublic": "2024-10-11T17:10:23.785-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24144."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:52:11.935Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1380",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1380/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9729",
"datePublished": "2024-11-22T20:52:11.935Z",
"dateReserved": "2024-10-09T19:39:09.985Z",
"dateUpdated": "2024-11-22T20:52:11.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9717
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1377/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:21.177-05:00",
"datePublic": "2024-10-11T17:09:57.982-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24101."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:18.565Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1377",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1377/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9717",
"datePublished": "2024-11-22T20:51:18.565Z",
"dateReserved": "2024-10-09T19:38:21.163Z",
"dateUpdated": "2024-11-22T20:51:18.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9728
Vulnerability from cvelistv5
Published
2024-11-22 20:52
Modified
2024-11-22 20:52
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1484/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:39:05.488-05:00",
"datePublic": "2024-11-12T16:22:22.991-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24112."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:52:07.576Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1484",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1484/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9728",
"datePublished": "2024-11-22T20:52:07.576Z",
"dateReserved": "2024-10-09T19:39:05.473Z",
"dateUpdated": "2024-11-22T20:52:07.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50187
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1837/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:20:11.840503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:49.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1837",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1837/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.477-06:00",
"datePublic": "2023-12-20T14:56:14.337-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20789."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:14.732Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1837",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1837/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50187",
"datePublished": "2024-05-03T02:14:14.732Z",
"dateReserved": "2023-12-05T16:15:17.537Z",
"dateUpdated": "2024-08-02T22:09:49.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50192
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1842/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T16:32:23.770648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:53.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1842",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1842/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.510-06:00",
"datePublic": "2023-12-20T14:56:56.427-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21786."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:18.582Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1842",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1842/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50192",
"datePublished": "2024-05-03T02:14:18.582Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9723
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 21:16
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1480/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.316.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:15:39.843489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:16:10.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:43.129-05:00",
"datePublic": "2024-11-12T16:22:00.016-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24107."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:43.626Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1480",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1480/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9723",
"datePublished": "2024-11-22T20:51:43.626Z",
"dateReserved": "2024-10-09T19:38:43.111Z",
"dateUpdated": "2024-11-22T21:16:10.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50193
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1843/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:17:44.519992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:57.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1843",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1843/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.516-06:00",
"datePublic": "2023-12-20T14:57:06.030-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21787."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:19.322Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1843",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1843/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50193",
"datePublished": "2024-05-03T02:14:19.322Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9714
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1483/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:08.808-05:00",
"datePublic": "2024-11-12T16:22:16.398-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24097."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:06.898Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1483",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1483/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9714",
"datePublished": "2024-11-22T20:51:06.898Z",
"dateReserved": "2024-10-09T19:38:08.792Z",
"dateUpdated": "2024-11-22T20:51:06.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50188
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1838/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:20:03.535108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:52.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1838",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1838/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.483-06:00",
"datePublic": "2023-12-20T14:56:21.852-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20792."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:15.489Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1838",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1838/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50188",
"datePublished": "2024-05-03T02:14:15.489Z",
"dateReserved": "2023-12-05T16:15:17.537Z",
"dateUpdated": "2024-08-02T22:09:49.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9727
Vulnerability from cvelistv5
Published
2024-11-22 20:52
Modified
2024-11-22 20:52
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1476/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:59.170-05:00",
"datePublic": "2024-11-12T16:21:34.432-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24111."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:52:03.170Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1476",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1476/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9727",
"datePublished": "2024-11-22T20:52:03.170Z",
"dateReserved": "2024-10-09T19:38:59.155Z",
"dateUpdated": "2024-11-22T20:52:03.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50189
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1839/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:19:59.633282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:58.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1839",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1839/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.491-06:00",
"datePublic": "2023-12-20T14:56:29.941-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21783."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:16.255Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1839",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1839/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50189",
"datePublished": "2024-05-03T02:14:16.255Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9725
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1478/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:51.843-05:00",
"datePublic": "2024-11-12T16:21:50.544-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24109."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:52.444Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1478",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1478/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9725",
"datePublished": "2024-11-22T20:51:52.444Z",
"dateReserved": "2024-10-09T19:38:51.810Z",
"dateUpdated": "2024-11-22T20:51:52.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9730
Vulnerability from cvelistv5
Published
2024-11-22 20:52
Modified
2024-11-22 20:52
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1381/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:39:13.623-05:00",
"datePublic": "2024-10-11T17:10:30.764-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:52:15.882Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1381",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1381/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9730",
"datePublished": "2024-11-22T20:52:15.882Z",
"dateReserved": "2024-10-09T19:39:13.599Z",
"dateUpdated": "2024-11-22T20:52:15.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9715
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1376/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:12.812-05:00",
"datePublic": "2024-10-11T17:09:50.846-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24098."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:10.855Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1376",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1376/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9715",
"datePublished": "2024-11-22T20:51:10.855Z",
"dateReserved": "2024-10-09T19:38:12.794Z",
"dateUpdated": "2024-11-22T20:51:10.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9719
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1379/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:28.665-05:00",
"datePublic": "2024-10-11T17:10:16.454-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24103."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:26.475Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1379",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1379/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9719",
"datePublished": "2024-11-22T20:51:26.475Z",
"dateReserved": "2024-10-09T19:38:28.647Z",
"dateUpdated": "2024-11-22T20:51:26.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9721
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1482/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:35.852-05:00",
"datePublic": "2024-11-12T16:22:11.308-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24105."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:34.374Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1482",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1482/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9721",
"datePublished": "2024-11-22T20:51:34.374Z",
"dateReserved": "2024-10-09T19:38:35.752Z",
"dateUpdated": "2024-11-22T20:51:34.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50190
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1840/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:19:54.139939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:45.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1840",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1840/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.497-06:00",
"datePublic": "2023-12-20T14:56:37.752-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21784."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:17.079Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1840",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1840/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50190",
"datePublished": "2024-05-03T02:14:17.079Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9722
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1481/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:39.735-05:00",
"datePublic": "2024-11-12T16:22:05.964-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24106."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:39.203Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1481",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1481/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9722",
"datePublished": "2024-11-22T20:51:39.203Z",
"dateReserved": "2024-10-09T19:38:39.719Z",
"dateUpdated": "2024-11-22T20:51:39.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7508
Vulnerability from cvelistv5
Published
2024-11-22 21:31
Modified
2024-11-22 21:31
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1054/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354.0"
}
]
}
],
"dateAssigned": "2024-08-05T15:10:26.689-05:00",
"datePublic": "2024-08-05T15:19:23.969-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19575."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:31:38.790Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1054",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1054/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7508",
"datePublished": "2024-11-22T21:31:38.790Z",
"dateReserved": "2024-08-05T20:10:26.648Z",
"dateUpdated": "2024-11-22T21:31:38.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9716
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1375/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:16.674-05:00",
"datePublic": "2024-10-11T17:09:44.488-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24100."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:14.651Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1375",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1375/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9716",
"datePublished": "2024-11-22T20:51:14.651Z",
"dateReserved": "2024-10-09T19:38:16.659Z",
"dateUpdated": "2024-11-22T20:51:14.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50194
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1844/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:17:37.769697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:01.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1844",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1844/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.522-06:00",
"datePublic": "2023-12-20T14:57:13.630-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21788."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:20.113Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1844",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1844/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50194",
"datePublished": "2024-05-03T02:14:20.113Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50191
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1841/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:17:51.822347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:47.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1841",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1841/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.503-06:00",
"datePublic": "2023-12-20T14:56:48.389-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21785."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:17.790Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1841",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1841/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50191",
"datePublished": "2024-05-03T02:14:17.790Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50196
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1846/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:22.0.354:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T13:17:20.567943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T16:32:55.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1846",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1846/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.532-06:00",
"datePublic": "2023-12-20T14:57:29.778-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21800."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:21.639Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1846",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1846/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50196",
"datePublished": "2024-05-03T02:14:21.639Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9731
Vulnerability from cvelistv5
Published
2024-11-22 20:52
Modified
2024-11-22 20:52
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1485/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:39:17.914-05:00",
"datePublic": "2024-11-12T16:22:28.586-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:52:19.887Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1485",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1485/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9731",
"datePublished": "2024-11-22T20:52:19.887Z",
"dateReserved": "2024-10-09T19:39:17.898Z",
"dateUpdated": "2024-11-22T20:52:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50195
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1845/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trimble:sketchup_viewer:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sketchup_viewer",
"vendor": "trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T16:29:49.605591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:08.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1845",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1845/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.354"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.527-06:00",
"datePublic": "2023-12-20T14:57:22.157-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files.\nThe issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21799."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:20.872Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1845",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1845/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50195",
"datePublished": "2024-05-03T02:14:20.872Z",
"dateReserved": "2023-12-05T16:15:17.538Z",
"dateUpdated": "2024-08-02T22:09:49.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9724
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1479/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:46.795-05:00",
"datePublic": "2024-11-12T16:21:55.287-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24108."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:47.283Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1479",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1479/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9724",
"datePublished": "2024-11-22T20:51:47.283Z",
"dateReserved": "2024-10-09T19:38:46.779Z",
"dateUpdated": "2024-11-22T20:51:47.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9718
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1378/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:24.641-05:00",
"datePublic": "2024-10-11T17:10:04.726-05:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24102."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:22.502Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1378",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1378/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9718",
"datePublished": "2024-11-22T20:51:22.502Z",
"dateReserved": "2024-10-09T19:38:24.623Z",
"dateUpdated": "2024-11-22T20:51:22.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9720
Vulnerability from cvelistv5
Published
2024-11-22 20:51
Modified
2024-11-22 20:51
Severity ?
EPSS score ?
Summary
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1477/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trimble | SketchUp Viewer |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SketchUp Viewer",
"vendor": "Trimble",
"versions": [
{
"status": "affected",
"version": "22.0.316.0"
}
]
}
],
"dateAssigned": "2024-10-09T14:38:32.285-05:00",
"datePublic": "2024-11-12T16:21:45.289-06:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24104."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:51:30.725Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1477",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1477/"
}
],
"source": {
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
"title": "Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9720",
"datePublished": "2024-11-22T20:51:30.725Z",
"dateReserved": "2024-10-09T19:38:32.261Z",
"dateUpdated": "2024-11-22T20:51:30.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}