CVE-2021-46614

Name of the Vulnerable Software and Affected Versions Bentley MicroStation CONNECT version 10.16.0.80

Description This issue allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this issue to execute code in the context of the current process.

Recommendations For Bentley MicroStation CONNECT version 10.16.0.80, at the moment, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the parsing of J2K images until a patch is available. Restrict access to potentially malicious files or pages to minimize the risk of exploitation. Avoid using crafted J2K images in the affected software until the issue is resolved.