Remote Code Execution Vulnerability in Bentley View by Bentley Systems
CVE-2021-46656

7.8HIGH

Key Information:

Vendor: Bentley
Status: View
Vendor: CVE Published:; 18 February 2022

What is CVE-2021-46656?

This vulnerability in Bentley View allows remote attackers to execute arbitrary code by exploiting the parsing of JT files. To be successful, the target user must interact with a malicious link or file, which leads to crafted data triggering a write past the allocated buffer's boundary. This flaw can enable an attacker to run code within the context of the affected process, potentially compromising system integrity. For more information, see the relevant advisories from Bentley Systems and Zero Day Initiative.

Affected Version(s)

View 10.15.0.75

References

https://www.bentley.com/en/common-vulnerability-exposure/...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-243/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 26, 2022

Credit

Mat Powell of Trend Micro Zero Day Initiative