CVE-2023-50194

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SKP files in Trimble SketchUp Viewer. The flaw exists in how the software parses SKP files without proper bounds checking, enabling out-of-bounds reads that can lead to remote code execution. All users of affected SketchUp Viewer versions are at risk.

💻 Affected Systems

Products:
  • Trimble SketchUp Viewer
Versions: Specific affected versions not publicly detailed in references; likely multiple recent versions prior to patch
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious SKP file

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, lateral movement, and persistence establishment.

🟠 Likely Case

Local privilege escalation leading to user account compromise, data exfiltration, and potential ransomware deployment.

🟢 If Mitigated

Application crash or denial of service if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication; weaponization is likely given the RCE potential and the file-format attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check Trimble security advisory

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-1844/

Restart Required: Yes

Instructions:

1. Check Trimble security advisory for specific patched version
2. Download latest SketchUp Viewer from official Trimble website
3. Install update following vendor instructions
4. Restart system after installation

🔧 Temporary Workarounds

Disable SKP file association (all platforms)

Prevent SketchUp Viewer from automatically opening SKP files

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .skp association to another program or none
macOS: Right-click SKP file > Get Info > Open With > Change to different application

Application control blocking (all platforms)

Use application whitelisting to prevent SketchUp Viewer execution

Windows: Configure AppLocker or Windows Defender Application Control policies
macOS: Use Gatekeeper or third-party endpoint protection

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems running SketchUp Viewer
  • Deploy email/web filtering to block malicious SKP file attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check SketchUp Viewer version against Trimble's patched version list in security advisory

Check Version:

Windows: Open SketchUp Viewer > Help > About SketchUp Viewer
macOS: Open SketchUp Viewer > SketchUp Viewer menu > About SketchUp Viewer

Verify Fix Applied:

Verify installed version matches or exceeds patched version specified by Trimble

📡 Detection & Monitoring

Log Indicators:

  • Multiple SketchUp Viewer crashes with memory access violations
  • Unexpected SketchUp Viewer process spawning child processes
  • SKP file downloads from untrusted sources

Network Indicators:

  • SKP file downloads from suspicious domains
  • Outbound connections from SketchUp Viewer to unknown IPs

SIEM Query:

process_name:"SketchUp Viewer" AND (event_id:1000 OR event_id:1001) AND exception_code:0xc0000005
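
The two host-side log indicators and the query above, worked as an added example (not part of the original page and not vendor tooling). The record field names, the 30-minute window, the threshold of two crashes and the sample events are assumptions constructed for illustration; event ID 4688 is the Windows Security log's process-creation event.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

VIEWER = "SketchUp Viewer"        # process name exactly as in the page's query
CRASH_IDS = {1000, 1001}          # event IDs from the page's query
ACCESS_VIOLATION = 0xC0000005     # exception code from the page's query
PROC_CREATE = 4688                # Windows Security log: process creation
WINDOW = timedelta(minutes=30)    # assumption: span that counts as "multiple"
THRESHOLD = 2                     # assumption: crashes per host within WINDOW

def ev(ts, host, event_id, process_name, **extra):
    """Build one normalised record (hypothetical field names)."""
    return {"ts": ts, "host": host, "event_id": event_id,
            "process_name": process_name, **extra}

# Constructed sample events, not taken from any real system.
EVENTS = [
    ev("2024-01-10T09:00:00", "ws-01", 1000, VIEWER, exception_code="0xc0000005"),
    ev("2024-01-10T09:05:00", "ws-02", 1000, VIEWER, exception_code="0xc0000005"),
    ev("2024-01-10T09:10:00", "ws-01", 1000, VIEWER, exception_code="0xc0000005"),
    ev("2024-01-10T09:15:00", "ws-01", 1000, "notepad.exe", exception_code="0xc0000005"),
    ev("2024-01-10T09:20:00", "ws-03", PROC_CREATE, "cmd.exe", parent_process_name=VIEWER),
    ev("2024-01-10T11:00:00", "ws-02", 1000, VIEWER, exception_code="0xc0000005"),
]

def detect(events):
    """Return (host, rule, detail) alerts for the page's two host-side indicators."""
    alerts, crashes = [], defaultdict(deque)
    for e in sorted(events, key=lambda r: r["ts"]):
        ts, host = datetime.fromisoformat(e["ts"]), e["host"]
        is_crash = (e["process_name"] == VIEWER and e["event_id"] in CRASH_IDS
                    and int(e.get("exception_code", "0"), 16) == ACCESS_VIOLATION)
        if is_crash:
            recent = crashes[host]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop crashes older than the window
                recent.popleft()
            if len(recent) >= THRESHOLD:
                alerts.append((host, "repeated_access_violation", len(recent)))
        elif e["event_id"] == PROC_CREATE and e.get("parent_process_name") == VIEWER:
            alerts.append((host, "viewer_spawned_child", e["process_name"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A single crash (ws-02) or an access violation in another process stays below the alert line; only the repeated crash on ws-01 and the child process on ws-03 are reported.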
