CVE-2024-9715: 
Trimble SketchUp Viewer vulnerability analysis and mitigation

Trimble SketchUp Viewer contains a use-after-free vulnerability (CVE-2024-9715) that was disclosed on November 22, 2024. This vulnerability affects installations of Trimble SketchUp Viewer version 22.0.316.0 and requires user interaction to exploit, specifically requiring the target to visit a malicious page or open a malicious file (ZDI Advisory).

The vulnerability exists within the parsing of SKP files and results from the lack of validating the existence of an object prior to performing operations on the object. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (ZDI Advisory).

Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current process. The high CVSS score indicates that the vulnerability could result in complete compromise of confidentiality, integrity, and availability of the affected system (ZDI Advisory).

The vulnerability has been fixed in version 2024.0.2 of SketchUp Viewer. Users are advised to update to this version to mitigate the risk (ZDI Advisory).