CVE-2024-9712

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 416

Summary

CVE-2024-9712 is a remote code execution vulnerability in Trimble SketchUp's SKP file parsing process. The flaw stems from a failure to validate the existence of an object before performing operations on it, allowing attackers to execute arbitrary code in the context of the current process. This vulnerability can be exploited when users visit a malicious page or open a maliciously crafted SKP file. The ZDI referred to this issue as ZDI-CAN-23530.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share