Remote Code Execution Vulnerability in Bentley View
CVE-2022-43651
7.8 HIGH
Summary
Bentley View improperly handles the parsing of SKP files. The parser fails to verify that an object exists before performing operations on it, which leads to a use-after-free condition. A remote attacker can trigger the flaw with a crafted SKP file, or a web page containing such a file, and execute arbitrary code in the context of the currently running process. Exploitation requires user interaction.
Affected Version(s)
View 10.16.2.22
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, MITRE Database