Multiple vulnerabilities in Bentley View and MicroStation
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 40 |
| CVE-ID | CVE-2021-34937 CVE-2021-34930 CVE-2021-34931 CVE-2021-34932 CVE-2021-34933 CVE-2021-34934 CVE-2021-34935 CVE-2021-34936 CVE-2021-34938 CVE-2021-34928 CVE-2021-34939 CVE-2021-34940 CVE-2021-34941 CVE-2021-34942 CVE-2021-34943 CVE-2021-34944 CVE-2021-34945 CVE-2021-34946 CVE-2021-34929 CVE-2021-34927 CVE-2021-34876 CVE-2021-34898 CVE-2021-34877 CVE-2021-34878 CVE-2021-34913 CVE-2021-34885 CVE-2021-34888 CVE-2021-34890 CVE-2021-34891 CVE-2021-34892 CVE-2021-34899 CVE-2021-34926 CVE-2021-34909 CVE-2021-34912 CVE-2021-34920 CVE-2021-34921 CVE-2021-34922 CVE-2021-34923 CVE-2021-34924 CVE-2021-34925 |
| CWE-ID | CWE-416 CWE-125 CWE-787 CWE-119 CWE-122 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MicroStation Universal components / Libraries / Software for developers Bentley View Client/Desktop applications / Office applications |
| Vendor | BENTLEY SYSTEMS |
Security Bulletin
This security bulletin contains information about 40 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU58739
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34937
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1525/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU58711
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34930
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1518/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU58742
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34931
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1519/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU58720
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34932
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1520/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU58741
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34933
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1521/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU58746
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34934
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1522/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU58719
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34935
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1523/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU58740
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1524/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU58734
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34938
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1526/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU58722
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34928
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1516/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU58738
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34939
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1527/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU58718
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34940
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1528/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Stack-based buffer overflow
EUVDB-ID: #VU58735
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34941
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JT files. A remote unauthenticated attacker can trick the victim to open a specially crafted JT file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1529/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU58710
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34942
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1530/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU58709
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34943
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1531/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU58708
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34944
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1532/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Heap-based buffer overflow
EUVDB-ID: #VU58733
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34945
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1533/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU58707
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34946
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1534/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds write
EUVDB-ID: #VU58721
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34929
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1517/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU58712
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34927
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1515/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds write
EUVDB-ID: #VU58732
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34876
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1464/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds write
EUVDB-ID: #VU58729
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34898
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1487/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds write
EUVDB-ID: #VU58731
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34877
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1465/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds write
EUVDB-ID: #VU58730
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34878
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1466/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU58717
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34913
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1467/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU58716
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34885
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1474/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU58715
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34888
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1477/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU58714
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34890
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1479/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU58745
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34891
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1480/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Stack-based buffer overflow
EUVDB-ID: #VU58737
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34892
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JT files. A remote unauthenticated attacker can trick the victim to open a specially crafted JT file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1481/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds write
EUVDB-ID: #VU58728
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34899
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1488/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds write
EUVDB-ID: #VU58723
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34926
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1514/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU58744
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34909
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1498/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU58713
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34912
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1501/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds write
EUVDB-ID: #VU58727
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34920
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1508/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds write
EUVDB-ID: #VU58726
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34921
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1509/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU58743
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34922
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing JT files. A remote attacker can trick the victim to open a specially crafted JT file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1510/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds write
EUVDB-ID: #VU58725
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34923
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1511/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds write
EUVDB-ID: #VU58724
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34924
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JT files. A remote attacker can create a specially crafted JT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1512/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Stack-based buffer overflow
EUVDB-ID: #VU58736
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34925
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JT files. A remote unauthenticated attacker can trick the victim to open a specially crafted JT file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.00.00.25 - 10.16.01.56
Bentley View: 10.00.00.25 - 10.16.01.56
External linkshttp://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005
http://www.zerodayinitiative.com/advisories/ZDI-21-1513/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
