---------------------------------------------------------------------- Accurate Vulnerability Scanning No more false positives, no more false negatives http://secunia.com/vulnerability_scanning/ ---------------------------------------------------------------------- TITLE: Google SketchUp 3DS and SKP Processing Vulnerabilities SECUNIA ADVISORY ID: SA38187 VERIFY ADVISORY: http://secunia.com/advisories/38187/ DESCRIPTION: Two vulnerabilities have been reported in Google SketchUp, which can be exploited by malicious people to compromise a user's system. 1) An array indexing error when processing 3DS files can be exploited to corrupt memory. For more information: SA38185 2) An integer overflow error when processing SKP files can be exploited to corrupt heap memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 7.1 Maintenance 2. SOLUTION: Update to version 7.1 Maintenance 2. PROVIDED AND/OR DISCOVERED BY: 1) Francisco Falcon, Core Security Technologies 2) The vendor credits Dave Weston from the Microsoft Vulnerability Research Center. ORIGINAL ADVISORY: Google: http://sketchup.google.com/support/bin/answer.py?hl=en&answer=141303 Core Security: http://www.coresecurity.com/content/google-sketchup-vulnerability OTHER REFERENCES: SA38185: http://secunia.com/advisories/38185/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------