CVE-2024-9715
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Trimble SketchUp Viewer. Attackers can exploit this by tricking users into opening malicious SKP files or visiting malicious web pages. The vulnerability affects users who process untrusted SKP files with SketchUp Viewer.
💻 Affected Systems
- Trimble SketchUp Viewer
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to installation of malware, data exfiltration, or persistence mechanisms on the compromised system.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash rather than full system compromise.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). The use-after-free vulnerability in SKP parsing makes reliable exploitation feasible for skilled attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Trimble security advisory for specific patched version
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1376/
Restart Required: Yes
Instructions:
1. Open Trimble SketchUp Viewer
2. Navigate to Help > Check for Updates
3. Install the latest available update
4. Restart the application
🔧 Temporary Workarounds
Disable SKP file association
All platforms: Prevent SketchUp Viewer from automatically opening SKP files
Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .skp association to another program or 'Ask every time'
macOS: Right-click SKP file > Get Info > Open with > Select different application
Application sandboxing
All platforms: Run SketchUp Viewer in a restricted environment
Windows: Use Windows Sandbox or third-party sandboxing tools
macOS: Use built-in sandboxing features or third-party solutions
🧯 If You Can't Patch
- Implement strict file handling policies to block SKP files from untrusted sources
- Run SketchUp Viewer with minimal user privileges and in isolated environments
🔍 How to Verify
Check if Vulnerable:
Check SketchUp Viewer version against Trimble's security advisory for affected versions
Check Version:
Windows: Open SketchUp Viewer > Help > About SketchUp Viewer; macOS: Open SketchUp Viewer > SketchUp Viewer menu > About SketchUp Viewer
Verify Fix Applied:
Verify installed version is newer than the vulnerable version specified in Trimble's advisory
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected child processes spawned from SketchUp Viewer
- Unusual network connections from SketchUp Viewer process
Network Indicators:
- Outbound connections to suspicious IPs following SKP file processing
- DNS requests for known malicious domains from SketchUp process
SIEM Query:
process_name:"SketchUp Viewer" AND (event_type:crash OR child_process_spawn:true)
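An added example, not part of the original page or of any vendor tooling: a small triage script that applies the log indicators above to process telemetry. The event schema (field names, hosts, timestamps, addresses) is constructed for illustration and the process name is taken from the SIEM query above; a crash alone is ranked below a child process or network connection, matching the mitigated and unmitigated outcomes described earlier.

```python
import json
from collections import defaultdict

VIEWER = "SketchUp Viewer"  # process name as written in the page's SIEM query

# Constructed sample events, one JSON object per line (hypothetical schema).
SAMPLE_LOG = """\
{"ts": "2024-11-05T09:14:02Z", "host": "ws-017", "event_type": "process_start", "process_name": "SketchUp Viewer", "parent_name": "explorer.exe"}
{"ts": "2024-11-05T09:14:09Z", "host": "ws-017", "event_type": "crash", "process_name": "SketchUp Viewer", "exception": "Access violation"}
{"ts": "2024-11-05T10:02:41Z", "host": "ws-022", "event_type": "process_start", "process_name": "cmd.exe", "parent_name": "SketchUp Viewer"}
{"ts": "2024-11-05T10:02:43Z", "host": "ws-022", "event_type": "net_connect", "process_name": "SketchUp Viewer", "dest_ip": "203.0.113.7"}
{"ts": "2024-11-05T11:30:00Z", "host": "ws-030", "event_type": "crash", "process_name": "notepad.exe", "exception": "Access violation"}
"""

def classify(event, expected_dests=frozenset()):
    """Return the indicator an event matches, or None."""
    kind = event.get("event_type")
    # Any process whose parent is the viewer counts as an unexpected child.
    if kind == "process_start" and event.get("parent_name") == VIEWER:
        return "child_process"
    if event.get("process_name") != VIEWER:
        return None
    if kind == "crash" and "access violation" in event.get("exception", "").lower():
        return "crash"
    # expected_dests is an allowlist of destinations known to be legitimate.
    if kind == "net_connect" and event.get("dest_ip") not in expected_dests:
        return "network"
    return None

def triage(log_text, expected_dests=frozenset()):
    """Map host -> (severity, sorted indicators) for hosts with at least one hit."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the run
        if not isinstance(event, dict):
            continue
        indicator = classify(event, expected_dests)
        if indicator:
            hits[event.get("host", "unknown")].add(indicator)
    # A crash alone may be a failed attempt; a child process or connection
    # suggests code ran in the viewer's context, so rank those hosts higher.
    return {host: ("high" if found & {"child_process", "network"} else "medium",
                   sorted(found)) for host, found in hits.items()}

if __name__ == "__main__":
    for host, (severity, indicators) in sorted(triage(SAMPLE_LOG).items()):
        print(host, severity, ", ".join(indicators))
```
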