CVE-2024-9723

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Trimble SketchUp Viewer's SKP file parser that allows remote attackers to execute arbitrary code. Attackers can exploit it by tricking users into opening malicious SKP files or visiting malicious web pages. All users of affected SketchUp Viewer versions are at risk.

💻 Affected Systems

Products:
  • Trimble SketchUp Viewer
Versions: Specific versions not specified in the advisory; all versions prior to the patch
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the core SKP file parsing functionality, so all standard installations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation on the victim's system, potentially leading to credential theft, data exfiltration, or system disruption.

🟢 If Mitigated

Limited impact if proper application sandboxing, least privilege principles, and network segmentation are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file), but the vulnerability itself is unauthenticated. File format vulnerabilities are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Trimble security advisory for specific version

Vendor Advisory: https://help.sketchup.com/en/release-notes/sketchup-viewer

Restart Required: Yes

Instructions:

1. Open SketchUp Viewer
2. Go to Help > Check for Updates
3. Follow prompts to install latest version
4. Restart application

🔧 Temporary Workarounds

Disable SKP file association (Windows)

Prevent SketchUp Viewer from automatically opening SKP files.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Select .skp > Change program > Choose different application

Application control policy (all platforms)

Block SketchUp Viewer execution via endpoint protection.

🧯 If You Can't Patch

  • Implement application sandboxing/containerization
  • Use network segmentation to isolate SketchUp Viewer systems

🔍 How to Verify

Check if Vulnerable:

Check SketchUp Viewer version against Trimble's security advisory

Check Version:

Windows: Open SketchUp Viewer > Help > About SketchUp Viewer

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Multiple crash reports from SketchUp Viewer
  • Unexpected process creation from SketchUp Viewer

Network Indicators:

  • Unexpected outbound connections from SketchUp Viewer process

SIEM Query:

Process creation where parent process contains 'sketchup' AND (command line contains .skp OR network connection established)
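As an added example (not part of this advisory), a small Python detector that applies the log, network and SIEM indicators above to a constructed stream of Sysmon-style events; the field names, the install path, the destination address and the crash threshold are assumptions.

```python
"""Toy detector for the SketchUp Viewer indicators listed above.

Added example, not part of the advisory. Field names mimic Sysmon-style
process-creation / network-connection / crash telemetry (an assumption);
the sample events and the install path are constructed.
"""
from collections import Counter

CRASH_THRESHOLD = 3  # assumption: this many crashes per host is worth an alert
VIEWER = "C:\\Program Files\\SketchUp\\SketchUp Viewer\\SketchUpViewer.exe"  # hypothetical path


def is_sketchup(path):
    """Match the 'process contains sketchup' clause of the SIEM query."""
    return "sketchup" in (path or "").lower()


def detect(events, crash_threshold=CRASH_THRESHOLD):
    """Return (rule, event) alerts for the indicators named in the advisory."""
    alerts, crashes = [], Counter()
    for ev in events:
        kind = ev.get("type")
        if kind == "process_create" and is_sketchup(ev.get("parent_image")):
            # A viewer should not spawn children: unexpected process creation
            alerts.append(("child_process_from_sketchup", ev))
        elif kind == "network_connect" and is_sketchup(ev.get("image")):
            # Unexpected outbound connection from the viewer process
            alerts.append(("outbound_from_sketchup", ev))
        elif kind == "app_crash" and is_sketchup(ev.get("image")):
            # Multiple crash reports on one host, e.g. a parser being fed bad files
            crashes[ev.get("host")] += 1
            if crashes[ev.get("host")] == crash_threshold:
                alerts.append(("repeated_sketchup_crashes", ev))
    return alerts


SAMPLE_EVENTS = [  # constructed sample telemetry, not real data
    {"type": "process_create", "host": "ws01", "image": VIEWER,
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "SketchUpViewer.exe C:\\Users\\a\\Downloads\\plan.skp"},
    {"type": "process_create", "host": "ws01", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": VIEWER, "command_line": "cmd.exe /c ver"},
    {"type": "network_connect", "host": "ws01", "image": VIEWER, "dest": "203.0.113.10:443"},
    *[{"type": "app_crash", "host": "ws01", "image": VIEWER} for _ in range(3)],
]

if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_EVENTS):
        print(f"[{rule}] host={ev['host']} image={ev['image']}")
```

The benign first event (Explorer launching the viewer with an .skp argument) is not flagged, which is the false-positive case the raw SIEM query would otherwise catch.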
