{"vuid":"VU#586958","idnumber":"586958","name":"SketchUp Viewer buffer overflow vulnerability","keywords":["sketchup","cwe-121","buffer overflow"],"overview":"SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file.","clean_desc":"CWE-121: Stack-based Buffer Overflow - CVE-2013-6038\nSketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file. When executed, it may allow a remote unauthenticated attacker to run arbitrary code in the context of the logged in user. It is unknown if other versions of this software are also affected.","impact":"By convincing a user to open a specially crafted .SKP file with SketchUp, a remote unauthenticated attacker could execute arbitrary code on a vulnerable system in the context of the logged in user.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Use the Microsoft Enhanced Mitigation Experience Toolkit The Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of these vulnerabilities. \nUse caution when opening email attachments See US-CERT tip ST04-010 for details.","sysaffected":"","thanks":"Thanks to Christopher Gabriel of Telos Corporation for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://cwe.mitre.org/data/definitions/121.html","http://support.microsoft.com/kb/2458544","http://www.us-cert.gov/ncas/tips/ST04-010"],"cveids":["CVE-2013-6038"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-09-13T14:34:56Z","publicdate":"2013-12-12T00:00:00Z","datefirstpublished":"2013-12-12T23:22:07Z","dateupdated":"2013-12-13T18:34:42Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.4","cvss_basevector":"AV:L/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"4","cvss_environmentalscore":"0.98505722770875","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}