Dear SketchUp team,
I want to report that slapi.dll is subject to a security vulnerability, use-after-free remote code execution.
Primary vulnerability is due to lack of sanitization of 3D model file as input. By loading the corrputed file the attacker can get the application to access memory that has been previously freed. The use of previously-freed memory can have any number of
adverse consequences ranging from the corruption of valid data to the execution of arbitrary code.
Sample POC is attached. poc.skp (653.6 KB)
Any software leverages your SDK will be subject to the same security vulnerability.
File version: 14.0.4900.0
Product
version: 14.0.4900.0
File
flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Trimble Navigation
Limited
ProductName: SketchUp
InternalName: slapi.dll
OriginalFilename: slapi.dll
ProductVersion: 14.0.4900.0
FileVersion: 14.0.4900.0
FileDescription: SketchUp SDK DLL
(32-bit)
LegalCopyright: (c) 2014 Trimble
Navigation Limited
0:005>
Please kindly get in touch with me in case you need further information.
Best regards,
Vic