Trimble SketchUp Desktop 2025 DLL Hijacking Vulnerability

A DLL hijacking vulnerability has been identified in Trimble SketchUp Desktop 2025. This issue arises when the application loads the 'libcef.dll' file for the 'sketchup_webhelper.exe' process. An attacker can exploit this by placing a malicious 'libcef.dll' in a location that the application will prioritize, such as the installation directory or a system path. Once the malicious DLL is loaded, it can execute arbitrary code on the user's system, potentially leading to full control over the machine.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the victim's computer. This could result in the attacker gaining full control over the system, with the possibility of stealing design files and business secrets, manipulating the system, encrypting files for ransom, or corrupting project models. Such actions would be carried out under the guise of normal software operation, causing significant intellectual property and financial loss for designers.

Reproduction

To reproduce this vulnerability, download and install Trimble SketchUp Desktop 2025. After installation, locate the 'sketchup_webhelper.exe' in the application directory. The executable does not specify a full path for 'libcef.dll', prompting Windows to search for it based on a defined order. An attacker can take advantage of this by placing a malicious 'libcef.dll' in a higher-priority location and implementing an export function with the same name, hijacking the program's execution flow. Once the malicious DLL is loaded, it can execute the embedded code, such as a payload that establishes a command and control connection.