SketchUp Flaw (Security)?
-
I don't know enough about the inner workings of computers to confirm this but I thought it might be of interest.
"The bad news that I have for you today is that Google SketchUp is unfortunately vulnerable to dangerous attacks. It is currently at risk due to the factor that the application fails to correctly do boundary checks, with regard to the input supplied by the user. The particular vulnerability that Google SketchUp suffers from is a buffer overflow vulnerability."
http://www.pc1news.com/news/0902/drawing-your-attention-to-the-google-sketchup-flaw.html
Anybody know more about this?
Should we care or is this just speculation?
-
it is a buffer overflow in the code that checks the .skp file (Sketchup, Layout, the thumbnailer in Explorer)
the idea is that you can run arbitrary code by looking to a malicious .skp fileI tried the .skp that should trigger the buffer overflow but I got only "Unexpected file format" error message.
Google is notified about the problem and a fix should come in the next update (after current 7.0.10247)
Advertisement