CVE-2024-9728
CVSS 3.0 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9728 is a remote code execution vulnerability in Trimble SketchUp Viewer. Malicious SKP files can be used to exploit this issue, leading to arbitrary code execution on affected installations. The flaw arises due to insufficient validation during SKP file parsing, allowing attackers to manipulate the existence of an object before performing operations on it. User interaction, such as visiting a malicious page or opening a malicious file, is required for exploitation. This vulnerability, identified as ZDI-CAN-24112, poses a significant risk to users of Trimble SketchUp Viewer.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.