CVE-2010-0280 - Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2,

CVE-2010-0280

Summary

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

References

Vulnerable Configurations

cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:*
cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.0:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.0:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:*
cpe:2.3:a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 10-10-2018 - 19:51)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	37708
bugtraq	20100113 [CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption
confirm	http://sketchup.google.com/support/bin/answer.py?hl=en&answer=141303
misc	http://www.coresecurity.com/content/google-sketchup-vulnerability
secunia	38185 38187
vupen	ADV-2010-0133

Last major update

10-10-2018 - 19:51

Published

15-01-2010 - 17:30

Last modified

10-10-2018 - 19:51