Sketchup
CVE-2012-4894
CRITICAL
Severity by source
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
AnalysisAI
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. Affected products include: Google Sketchup. Version information: before 8.0.14346.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code vi
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, a
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689),
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary c
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), th
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7
Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8)
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today