CVE-2024-7509

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024

Updated: Dec 3, 2024

CWE ID 787

CWE ID 121

Summary

CVE-2024-7509 is a remote code execution vulnerability affecting Trimble SketchUp. Malicious SKP files can trigger a stack-based buffer overflow, allowing attackers to execute arbitrary code on vulnerable installations. This issue arises due to insufficient validation of user-supplied data before copying it to a buffer. Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. The flaw was identified as ZDI-CAN-19576 prior to its publication as a CVE.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Trimble Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xgVh35
https://www.cve.org/CVERecord?id=CVE-2024-7509
https://nvd.nist.gov/vuln/detail/CVE-2024-7509

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-7509

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations