HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)

This signature detects attempts to exploit a known vulnerability in Trimble Navigation (formerly Google) SketchUp. A successful attack may lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.

Affected Products

Trimble SketchUp

References

BugTraq: 60248

CVE: CVE-2013-3664

Short Name
HTTP:GOOGLE-SKETCHUP-BMP-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(CVE-2013-3664) BMP Buffer CVE-2013-3664 File Google Overflow SketchUp bid:60248
Release Date
07/23/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Trimble

Google

CVSS Score

9.3
