Vulnerability Description
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jan Eric Krprianidis | Lib3Ds | 1.0 |
| Google Sketchup | 7.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/38185Vendor Advisory
- http://secunia.com/advisories/38187Vendor Advisory
- http://sketchup.google.com/support/bin/answer.py?hl=en&answer=141303
- http://www.coresecurity.com/content/google-sketchup-vulnerabilityExploit
- http://www.securityfocus.com/archive/1/508913/100/0/threaded
- http://www.securityfocus.com/bid/37708Exploit
- http://www.vupen.com/english/advisories/2010/0133
- http://secunia.com/advisories/38185Vendor Advisory
- http://secunia.com/advisories/38187Vendor Advisory
- http://sketchup.google.com/support/bin/answer.py?hl=en&answer=141303
- http://www.coresecurity.com/content/google-sketchup-vulnerabilityExploit
- http://www.securityfocus.com/archive/1/508913/100/0/threaded
- http://www.securityfocus.com/bid/37708Exploit
- http://www.vupen.com/english/advisories/2010/0133
FAQ
What is CVE-2010-0280?
CVE-2010-0280 is a vulnerability with a CVSS score of 9.3 (HIGH). Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitra...
How severe is CVE-2010-0280?
CVE-2010-0280 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0280?
Check the references section above for vendor advisories and patch information. Affected products include: Jan Eric Krprianidis Lib3Ds, Google Google Sketchup.