CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
90.4%
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Vendor | Product | Version | CPE |
---|---|---|---|
jan_eric_krprianidis | lib3ds | 1.0 | cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:* |
google_sketchup | 7.0 | cpe:2.3:a:google:google_sketchup:7.0:*:*:*:*:*:*:* | |
google_sketchup | 7.0.10247 | cpe:2.3:a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:* | |
google_sketchup | 7.1.4871 | cpe:2.3:a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:* | |
google_sketchup | 7.1.6087 | cpe:2.3:a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:* |
secunia.com/advisories/38185
secunia.com/advisories/38187
sketchup.google.com/support/bin/answer.py?hl=en&answer=141303
www.coresecurity.com/content/google-sketchup-vulnerability
www.securityfocus.com/archive/1/508913/100/0/threaded
www.securityfocus.com/bid/37708
www.vupen.com/english/advisories/2010/0133