CVE-2013-3664 PoC — Trimble Navigation Trimble SketchUp 多个缓冲区溢出漏洞

Source

https://github.com/defrancescojp/CVE-2013-3664_MAC

Associated Vulnerability

Title:Trimble Navigation Trimble SketchUp 多个缓冲区溢出漏洞 (CVE-2013-3664)
Description:Trimble Navigation Trimble SketchUp（前称Google SketchUp）是美国天宝导航（Trimble Navigation）公司的一套环保型3D建模软件。该软件主要应用于建筑、土木、机械、电影和视频游戏设计。 Trimble Navigation Trimble SketchUp 2013 (13.0.3689)之前的版本中存在安全漏洞。远程攻击者可借助特制的调色板表利用该漏洞执行任意代码。

Description

Sketchup MAC Pict Material Palette Stack Corruption

Readme

Sketchup MAC Pict Material Palette Stack Corruption - CVE-2013-3664
===================================================================

SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a stack overflow.  The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

Summary
=======
* Title: Sketchup MAC Pict Material Palette Stack Corruption
* CVE ID: CVE-2013-3664
* Permalink: http://www.binamuse.com/advisories/BINA-20130521A.txt
* Advisory Published: 2013-05-23
* Class: Boundary Error Condition (Buffer Overflow)

File Snapshot


 [4.0K]  /data/pocs/5eaefd7ea1ba248f02ce54732992a4be37a123fe
├── [129K]  BINA-20130521A-exploit.py
├── [ 29K]  BINA-20130521A-POC-WIN.zip
└── [ 700]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!