CVE-2024-9717

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SKP files in Trimble SketchUp Viewer. Attackers can gain control of the affected system with the same privileges as the current user. All users of vulnerable versions of SketchUp Viewer are affected.

💻 Affected Systems

Products:
  • Trimble SketchUp Viewer
Versions: Specific versions not detailed in advisory, but likely multiple recent versions prior to patch
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable when opening SKP files. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Malware installation, credential theft, and system compromise leading to data exfiltration or further attacks.

🟢 If Mitigated

Limited impact due to user account restrictions, but still potential for local data access and limited system manipulation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file), but exploit is straightforward once the user is tricked. File-based attacks are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Trimble security advisory for specific patched version

Vendor Advisory: https://help.sketchup.com/en/release-notes/sketchup-viewer

Restart Required: Yes

Instructions:

1. Open SketchUp Viewer
2. Go to Help > Check for Updates
3. Follow prompts to install latest version
4. Restart application after installation

🔧 Temporary Workarounds

Disable SKP file association (Windows)

Prevent SketchUp Viewer from automatically opening SKP files.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .skp to open with a different application

Use application whitelisting (all platforms)

Block execution of SketchUp Viewer entirely.

🧯 If You Can't Patch

  • Implement strict email filtering to block SKP attachments
  • Educate users to never open SKP files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check SketchUp Viewer version against Trimble's security advisory for vulnerable versions

Check Version:

Windows: Open SketchUp Viewer > Help > About SketchUp Viewer

Verify Fix Applied:

Verify installed version matches or exceeds patched version from Trimble advisory

📡 Detection & Monitoring

Log Indicators:

  • Multiple crash reports from SketchUp Viewer
  • Unexpected process creation from SketchUp Viewer

Network Indicators:

  • Outbound connections from SketchUp Viewer to unknown IPs
  • Unusual network traffic following SKP file opening

SIEM Query:

Process Creation where (Parent Image contains 'sketchup' AND Image does not contain 'sketchup') OR (Image contains 'sketchup' AND Parent Process contains 'explorer' AND Command Line contains '.skp')

The first clause matches child processes spawned by SketchUp Viewer (the "unexpected process creation" indicator above); the second records SKP files opened by double-click from Explorer and is context for the first, not an alert on its own.
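As an added example (not part of this advisory or of any Trimble tooling), the Python below applies the "unexpected process creation from SketchUp Viewer" indicator to a few constructed Sysmon-style process-creation events. The sample log lines, the allow-list of expected child processes and the list of suspicious interpreters are assumptions to tune for your own environment.

```python
"""Flag unexpected child processes of SketchUp Viewer in process-creation logs.

Added example, not code from the advisory. The event format (Image,
ParentImage, CommandLine keys, one JSON object per line) mirrors Sysmon
Event ID 1 fields; the process lists and sample events are assumptions.
"""
import json

# Processes the viewer is expected to spawn (assumption: tune per estate).
# WerFault is the Windows crash handler; its appearance is the crash indicator.
EXPECTED_CHILDREN = {"sketchupviewer.exe", "dllhost.exe"}
CRASH_HANDLERS = {"werfault.exe"}

# Interpreters and LOLBins whose appearance under a document viewer warrants a high alert.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Severity for one process-creation event, or None when benign.

    Only children of a process whose image name contains 'sketchup' are
    considered; everything else is out of scope for this indicator.
    """
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    if "sketchup" not in parent:
        return None
    if image in EXPECTED_CHILDREN:
        return None
    if image in CRASH_HANDLERS:
        return "low"        # viewer crashed: matches the 'multiple crash reports' indicator
    if image in SUSPICIOUS_CHILDREN:
        return "high"       # script host / LOLBin spawned by a document viewer
    return "medium"         # any other unexpected child (e.g. a dropped binary)


def scan(lines):
    """Return [(severity, event), ...] for every matching JSON log line."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        severity = classify(json.loads(line))
        if severity:
            hits.append((severity, json.loads(line)))
    return hits


def severities(lines):
    """Convenience wrapper: just the severities, in log order."""
    return [sev for sev, _ in scan(lines)]


# Constructed sample events (not real telemetry). Line 1 is the user opening a
# file from Explorer (benign), line 2 a crash, lines 3-4 post-exploitation-style
# child processes that should never come from a viewer.
SAMPLE_LOG = r"""
{"EventID":1,"Image":"C:\\Program Files\\SketchUp\\SketchUp Viewer\\SketchUpViewer.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"\"SketchUpViewer.exe\" C:\\Users\\alice\\Downloads\\quote.skp"}
{"EventID":1,"Image":"C:\\Windows\\System32\\WerFault.exe","ParentImage":"C:\\Program Files\\SketchUp\\SketchUp Viewer\\SketchUpViewer.exe","CommandLine":"WerFault.exe -u -p 4120 -s 1234"}
{"EventID":1,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Program Files\\SketchUp\\SketchUp Viewer\\SketchUpViewer.exe","CommandLine":"powershell.exe -NoProfile -File C:\\Users\\alice\\AppData\\Local\\Temp\\x.ps1"}
{"EventID":1,"Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe","ParentImage":"C:\\Program Files\\SketchUp\\SketchUp Viewer\\SketchUpViewer.exe","CommandLine":"upd.exe"}
"""

if __name__ == "__main__":
    for sev, ev in scan(SAMPLE_LOG.splitlines()):
        print(f"[{sev.upper():6}] {basename(ev['ParentImage'])} -> {ev['CommandLine']}")
```

The allow-list approach is deliberate: a document viewer has a very small, stable set of legitimate children, so alerting on anything outside that set has far fewer false positives than trying to enumerate bad children. Keep the crash events at low severity but correlate them over time, since repeated crashes followed by a medium or high hit from the same host is the pattern the indicators above describe.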
