RCE in Google Sketchup

CVE-2011-2478

Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 6.0, 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)