Search criteria
15 vulnerabilities found for sketchup by google
VAR-201602-0173
Vulnerability from variot - Updated: 2025-04-13 23:34Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. In addition, this case SketchUp May be a vulnerability.Skillfully crafted by a third party SketchUp Arbitrary code may be executed through the documentation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "3d visual enterprise viewer",
"scope": null,
"trust": 4.8,
"vendor": "sap",
"version": null
},
{
"_id": null,
"model": "3d visual enterprise viewer",
"scope": "eq",
"trust": 1.2,
"vendor": "sap",
"version": "*"
},
{
"_id": null,
"model": "sketchup",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "*"
},
{
"_id": null,
"model": "sketchup",
"scope": null,
"trust": 0.8,
"vendor": "trimble",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:3d_visual_enterprise_viewer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trimble:sketchup",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
}
],
"trust": 2.8
},
"cve": "CVE-2016-2536",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-2536",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 4.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01480",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-2536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-2536",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2536",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2536",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-01480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"description": {
"_id": null,
"data": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. In addition, this case SketchUp May be a vulnerability.Skillfully crafted by a third party SketchUp Arbitrary code may be executed through the documentation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
}
],
"trust": 4.86
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-2536",
"trust": 5.2
},
{
"db": "ZDI",
"id": "ZDI-16-176",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-16-173",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-16-174",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-16-175",
"trust": 3.1
},
{
"db": "BID",
"id": "83307",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-01480",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2974",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2976",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2975",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2979",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396",
"trust": 0.6
},
{
"db": "IVD",
"id": "D4504B9C-1E42-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"id": "VAR-201602-0173",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
}
]
},
"last_update_date": "2025-04-13T23:34:02.296000Z",
"patch": {
"_id": null,
"data": [
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.06/30/2015 - Disclosed vulnerability reports to vendor09/28/2015 - The vendor let ZDI know that they would need an extension09/29/2015 - ZDI agreed to an extension02/09/2016 - ZDI notified the vendor that these would move to 0-day02/09/2016 - The vendor replied that: \"This issue is related to SketchUp having this vulnerability. SketchUp has refused to provide a patch. Is it still possible to ask for an \u0027exceptional\u0027 extension for us to manage a work-around?\"02/10/2016 - ZDI responded \"No further extension can be granted.\"-- Mitigation:Given the stated purpose of SAP 3D Virtual Enterprise Viewer, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.-- Vendor Response:On 2/26/2016 SAP notified ZDI of the following available updates:2281195 \u003c - Potential remote termination of running processes in SAP Visual Enterprise Author, Generator and ViewerAn attacker can remotely exploit SAP Visual Enterprise Author, Generator and Viewer version 8.0, which may lead to application termination.Customers are advised to apply Note 2281195 \u003c immediately. We would like to remind our customers to secure SAP systems by installing all available security patches. You can find security notes and patches in the SAP Support Portal here \u003chttps://support.sap.com/securitynotes\u003e .",
"trust": 2.8,
"url": "https://service.sap.com/sap/support/notes/2281195\u003e"
},
{
"title": "SAP 3D Visual Enterprise Viewer",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/display/SVE/SAP+3D+Visual+Enterprise+Viewer"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.6,
"url": "https://service.sap.com/sap/support/notes/2281195\u003e"
},
{
"trust": 2.8,
"url": "https://support.sap.com/securitynotes\u003e"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-173"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-174"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-175"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-176"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/83307"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2536"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2536"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-176/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"date": "2016-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"date": "2016-02-22T15:59:03.097000",
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"date": "2016-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
}
],
"trust": 2.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
}
],
"trust": 0.6
}
}
CVE-2016-2536 (GCVE-0-2016-2536)
Vulnerability from nvd – Published: 2016-02-22 15:05 – Updated: 2024-08-05 23:32
VLAI?
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-175",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-173",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-174",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-176",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2536",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-22T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7388 (GCVE-0-2013-7388)
Vulnerability from nvd – Published: 2014-07-01 17:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binamuse.com/advisories/BINA-20130521B.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7388",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2014-07-01T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3664 (GCVE-0-2013-3664)
Vulnerability from nvd – Published: 2014-07-01 17:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3664",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3662 (GCVE-0-2013-3662)
Vulnerability from nvd – Published: 2014-07-01 17:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3662",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3663 (GCVE-0-2013-3663)
Vulnerability from nvd – Published: 2014-06-13 14:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3663",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4894 (GCVE-0-2012-4894)
Vulnerability from nvd – Published: 2012-10-05 10:00 – Updated: 2024-08-06 20:50
VLAI?
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85570",
"refsource": "OSVDB",
"url": "http://osvdb.org/85570"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-015",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs",
"refsource": "MISC",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4894",
"datePublished": "2012-10-05T10:00:00",
"dateReserved": "2012-09-12T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2478 (GCVE-0-2011-2478)
Vulnerability from nvd – Published: 2012-04-17 18:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-16T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1",
"refsource": "CONFIRM",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2478",
"datePublished": "2012-04-17T18:00:00",
"dateReserved": "2011-06-14T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2536 (GCVE-0-2016-2536)
Vulnerability from cvelistv5 – Published: 2016-02-22 15:05 – Updated: 2024-08-05 23:32
VLAI?
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-175",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-173",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-174",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-176",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2536",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-22T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3664 (GCVE-0-2013-3664)
Vulnerability from cvelistv5 – Published: 2014-07-01 17:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3664",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7388 (GCVE-0-2013-7388)
Vulnerability from cvelistv5 – Published: 2014-07-01 17:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binamuse.com/advisories/BINA-20130521B.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7388",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2014-07-01T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3662 (GCVE-0-2013-3662)
Vulnerability from cvelistv5 – Published: 2014-07-01 17:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3662",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3663 (GCVE-0-2013-3663)
Vulnerability from cvelistv5 – Published: 2014-06-13 14:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3663",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4894 (GCVE-0-2012-4894)
Vulnerability from cvelistv5 – Published: 2012-10-05 10:00 – Updated: 2024-08-06 20:50
VLAI?
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85570",
"refsource": "OSVDB",
"url": "http://osvdb.org/85570"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-015",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs",
"refsource": "MISC",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4894",
"datePublished": "2012-10-05T10:00:00",
"dateReserved": "2012-09-12T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2478 (GCVE-0-2011-2478)
Vulnerability from cvelistv5 – Published: 2012-04-17 18:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-16T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1",
"refsource": "CONFIRM",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2478",
"datePublished": "2012-04-17T18:00:00",
"dateReserved": "2011-06-14T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}