CVE-2024-9731 is a memory corruption vulnerability in Trimble SketchUp Viewer, specifically in the parsing logic of SKP files. The flaw stems from insufficient validation of user-supplied data during the SKP file parsing process, which can cause buffer overflows or similar memory corruption conditions. This vulnerability falls under CWE-119, indicating improper restriction of operations within the bounds of a memory buffer. When exploited, an attacker can execute arbitrary code within the context of the SketchUp Viewer process. Exploitation requires user interaction, such as opening a malicious SKP file or visiting a malicious webpage that triggers the vulnerable parsing routine. The vulnerability affects version 22.0.316.0 of the product. Although no public exploits have been reported yet, the vulnerability’s characteristics and CVSS score of 7.8 indicate a high risk. The attack vector is local (AV:L), requiring user interaction (UI:R), with no privileges required (PR:N), and impacts confidentiality, integrity, and availability (all high). This vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-24145 and publicly disclosed on November 22, 2024.

If exploited, this vulnerability allows remote attackers to execute arbitrary code on affected systems with the privileges of the user running SketchUp Viewer. This can lead to full system compromise, data theft, installation of malware, or lateral movement within a network. Since SketchUp Viewer is used for viewing 3D models, often in architectural, engineering, and construction industries, exploitation could disrupt critical workflows and expose sensitive intellectual property. The requirement for user interaction limits mass exploitation but targeted spear-phishing or watering hole attacks could be effective. The vulnerability impacts confidentiality, integrity, and availability, making it a significant threat to organizations relying on this software. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for mitigation.

Organizations should monitor Trimble’s official channels for patches addressing this vulnerability and apply them promptly once released. Until a patch is available, restrict the opening of SKP files from untrusted or unknown sources. Employ application whitelisting and sandboxing techniques to limit the impact of potential exploitation. Educate users about the risks of opening files from untrusted origins and visiting suspicious websites. Network-level protections such as email filtering and web content filtering can reduce exposure to malicious SKP files or URLs. Employ endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts. Regularly update and harden the operating system and related software to reduce the attack surface. Finally, maintain robust backup and recovery procedures to mitigate damage from potential compromise.