Remote Code Execution Vulnerability in Bentley View
CVE-2022-43653

7.8HIGH

Key Information:

Vendor: Bentley
Status: View
Vendor: CVE Published:; 7 May 2024

Summary

This vulnerability in Bentley View arises from a specific flaw in the way SKP files are parsed. An attacker who crafts malicious data within an SKP file can exploit this flaw to write beyond the allocated buffer's end, potentially leading to the execution of arbitrary code. User interaction is necessary for the exploit as it demands that the victim visit a compromised webpage or open a rigged SKP file. Organizations using Bentley View should remain vigilant by applying security updates and educating users about the risks associated with opening suspicious files.

Affected Version(s)

View 10.17.0.34

References

https://www.zerodayinitiative.com/advisories/ZDI-23-348/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Oct 21, 2022

Collectors

NVD DatabaseMitre Database