HTTP: Google SketchUp PICT File Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Google SketchUp. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.

Affected Products

Trimble SketchUp

References

BugTraq: 60248

CVE: CVE-2013-3664

Short Name
HTTP:STC:GOOGLE-SKETCHUP-PICT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2013-3664 File Google Overflow PICT SketchUp bid:60248
Release Date
07/15/2013
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3735
False Positive
Unknown
Vendors

Trimble

Google

CVSS Score

9.3
