sketchucation logo sketchucation
    • Login
    🤑 SketchPlus 1.3 | 44 Tools for $15 until June 20th Buy Now

    SketchUp Flaw (Security)?

    Scheduled Pinned Locked Moved SketchUp Discussions
    sketchup
    2 Posts 3 Posters 373 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      museummaker
      last edited by

      I don't know enough about the inner workings of computers to confirm this but I thought it might be of interest.

      "The bad news that I have for you today is that Google SketchUp is unfortunately vulnerable to dangerous attacks. It is currently at risk due to the factor that the application fails to correctly do boundary checks, with regard to the input supplied by the user. The particular vulnerability that Google SketchUp suffers from is a buffer overflow vulnerability."

      500 Internal Server Error

      favicon

      (www.pc1news.com)

      Anybody know more about this?

      Should we care or is this just speculation?

      1 Reply Last reply Reply Quote 0
      • tbdT Offline
        tbd
        last edited by

        it is a buffer overflow in the code that checks the .skp file (Sketchup, Layout, the thumbnailer in Explorer)
        the idea is that you can run arbitrary code by looking to a malicious .skp file

        I tried the .skp that should trigger the buffer overflow but I got only "Unexpected file format" error message.

        Google is notified about the problem and a fix should come in the next update (after current 7.0.10247)

        SketchUp Ruby Consultant | Podium 1.x developer
        http://plugins.ro

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post
        Buy SketchPlus
        Buy SUbD
        Buy WrapR
        Buy eBook
        Buy Modelur
        Buy Vertex Tools
        Buy SketchCuisine
        Buy FormFonts

        Advertisement