sketchucation logo sketchucation
    • Login

    SketchUp Flaw (Security)?

    Scheduled Pinned Locked Moved
    SketchUp Discussions
    sketchup
    3
    2
    373
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      museummaker
      last edited by

      I don't know enough about the inner workings of computers to confirm this but I thought it might be of interest.

      "The bad news that I have for you today is that Google SketchUp is unfortunately vulnerable to dangerous attacks. It is currently at risk due to the factor that the application fails to correctly do boundary checks, with regard to the input supplied by the user. The particular vulnerability that Google SketchUp suffers from is a buffer overflow vulnerability."

      http://www.pc1news.com/news/0902/drawing-your-attention-to-the-google-sketchup-flaw.html

      Anybody know more about this?

      Should we care or is this just speculation?

      1 Reply Last reply Reply Quote 0
      • tbdT
        tbd
        last edited by

        it is a buffer overflow in the code that checks the .skp file (Sketchup, Layout, the thumbnailer in Explorer)
        the idea is that you can run arbitrary code by looking to a malicious .skp file

        I tried the .skp that should trigger the buffer overflow but I got only "Unexpected file format" error message.

        Google is notified about the problem and a fix should come in the next update (after current 7.0.10247)

        SketchUp Ruby Consultant | Podium 1.x developer
        http://plugins.ro

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post
        Buy SketchPlus
        Buy SUbD
        Buy WrapR
        Buy eBook
        Buy Modelur
        Buy Vertex Tools
        Buy SketchCuisine
        Buy FormFonts

        Advertisement