Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:GOOGLE-SKETCHUP-BMP-BO |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Google SketchUp BMP File Buffer Overflow (CVE-2013-3664) |
Release Date |
2013/07/23 |
Update Number |
2283 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)
This signature detects attempts to exploit a known vulnerability in the Trimble Navigation (formerly Google) SketchUp. A successful attack may lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
Affected Products
- Google sketchup 6.0
- Google sketchup 7.0
- Google sketchup 7.1
- Google sketchup 8.0
- Trimble sketchup 8.0
References
- BugTraq: 60248
- CVE: CVE-2013-3664