CVE-2013-7388 - OpenCVE

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Trimble	Sketchup
Google	Sketchup

Configuration 1 [-]

OR	cpe:2.3:a:google:sketchup:6.0:maintenance_6::::::
	cpe:2.3:a:google:sketchup:7.0:maintenance_1::::::
	cpe:2.3:a:google:sketchup:7.1:::::::*
	cpe:2.3:a:google:sketchup:7.1:maintenance_1::::::
	cpe:2.3:a:google:sketchup:7.1:maintenance_2::::::
	cpe:2.3:a:google:sketchup:8.0:::::::*
	cpe:2.3:a:google:sketchup:8.0:maintenance_1::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_2::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_3::::::
	cpe:2.3:a:google:sketchup:8.0:maintenance_4::::::
	cpe:2.3:a:trimble:sketchup::maintenance_5::::::*

References

Link	Resource
http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html	Exploit
http://secunia.com/advisories/53635
http://www.binamuse.com/advisories/BINA-20130521B.txt	Exploit
http://www.securityfocus.com/bid/60248
https://exchange.xforce.ibmcloud.com/vulnerabilities/84723

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-01T17:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-07-01T00:00:00

Link: CVE-2013-7388

JSON object: View

NVD Information

Status : Modified

Published: 2014-07-01T17:55:03.997

Modified: 2017-08-29T01:34:07.560

Link: CVE-2013-7388

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"}, {"name": "sketchup-cve20133664-bo(84723)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"name": "60248", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60248"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"name": "53635", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7388", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.binamuse.com/advisories/BINA-20130521B.txt", "refsource": "MISC", "url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"}, {"name": "sketchup-cve20133664-bo(84723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}, {"name": "60248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60248"}, {"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html", "refsource": "MISC", "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"name": "53635", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53635"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7388", "datePublished": "2014-07-01T17:00:00", "dateReserved": "2014-07-01T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*", "matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*", "matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*", "matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*", "matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*", "matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87", "vulnerable": true}, {"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*", "matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en paintlib, utilizado en Trimble SketchUp (anetriormente Google SketchUp) anterior a 2013 (13.0.3689), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mapa de bits RLE4-comprimido (BMP) manipulado. NOTA: este problema fue dividido (SPLIT) de CVE-2013-3664 debido a diferentes productos y bases de c\u00f3digos afectados (ADT1)."}], "id": "CVE-2013-7388", "lastModified": "2017-08-29T01:34:07.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-07-01T17:55:03.997", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/53635"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/60248"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}