CVE-2013-3664 - Vulnerability Details - OpenCVE

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Sketchup
Trimble	Sketchup

Configuration 1 [-]

OR	cpe:2.3:a:google:sketchup:6.0:maintenance_6::::::
	cpe:2.3:a:google:sketchup:7.0:maintenance_1::::::
	cpe:2.3:a:google:sketchup:7.1:::::::*
	cpe:2.3:a:google:sketchup:7.1:maintenance_1::::::
	cpe:2.3:a:google:sketchup:7.1:maintenance_2::::::
	cpe:2.3:a:google:sketchup:8.0:::::::*
	cpe:2.3:a:google:sketchup:8.0:maintenance_1::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_2::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_3::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_4::::::
	cpe:2.3:a:trimble:sketchup::maintenance_5::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html
http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html
http://secunia.com/advisories/53635
http://www.binamuse.com/advisories/BINA-20130521A.txt
http://www.securityfocus.com/bid/60248
https://exchange.xforce.ibmcloud.com/vulnerabilities/84723

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-01T17:00:00

Updated: 2024-08-06T16:14:56.582Z

Reserved: 2013-05-24T00:00:00

Link: CVE-2013-3664

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-07-01T17:55:03.947

Modified: 2024-11-21T01:54:05.613

Link: CVE-2013-3664

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"}, {"name": "sketchup-cve20133664-bo(84723)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"name": "60248", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60248"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"name": "53635", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"}, {"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt", "refsource": "MISC", "url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"}, {"name": "sketchup-cve20133664-bo(84723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"name": "60248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60248"}, {"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html", "refsource": "MISC", "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"name": "53635", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53635"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.582Z"}, "title": "CVE Program Container", "references": [{"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"}, {"name": "sketchup-cve20133664-bo(84723)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"name": "60248", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60248"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"name": "53635", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53635"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3664", "datePublished": "2014-07-01T17:00:00", "dateReserved": "2013-05-24T00:00:00", "dateUpdated": "2024-08-06T16:14:56.582Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*", "matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*", "matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*", "matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*", "matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*", "matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87", "vulnerable": true}, {"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*", "matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."}, {"lang": "es", "value": "Trimble SketchUp (anteriormente Google SketchUp) anterior a 2013 (13.0.3689) permite a atacantes remotos inyectar c\u00f3digo arbitrario a trav\u00e9s de una tabla de paleta de color en una textura MAC Pict, lo que provoca una escritura en pila fuera de rango. NOTA: est\u00e1 vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-3662. NOTA: este problema fue dividido (SPLIT) debido a diferentes productos y bases de c\u00f3digos afectados (ADT1); CVE-2013-7388 ha sido asignado al problema paintlib."}], "id": "CVE-2013-3664", "lastModified": "2024-11-21T01:54:05.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-07-01T17:55:03.947", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/53635"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/60248"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/53635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}