Bentley ID: BE-2021-0001
CVE ID: CVE-2021-34984, CVE-2021-34985
Severity: 3.3 (Low)
CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Publication date: November 15, 2021
Revision date: November 15, 2021
Description
Summary:
A crafted OBJ file can force ContextCapture Viewer to read outside the boundaries of an allocated object. An attacker can leverage this with other vulnerabilities to execute arbitrary code.
Details:
This was discovered by TrendMicro ZDI (ref. ZDI-CAN-14784 and ZDI-CAN-14785).
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture Viewer. User interaction is required to exploit this vulnerability since the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
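The class of check whose absence leads to this kind of out-of-bounds read, as an added example (not Bentley's code, and not taken from the advisory). The advisory does not say which OBJ field is mishandled; this sketch assumes face vertex indices, and the function name `resolve_obj_index` and the sample data are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Resolve one OBJ face-index token ("7", "7/2/3", "-1") against the number
 * of vertices parsed so far. OBJ indices are 1-based; negative values count
 * back from the most recent vertex. Returns 0 and a 0-based index in *out,
 * or -1 when the token is malformed or refers outside the vertex array. */
int resolve_obj_index(const char *token, size_t vertex_count, size_t *out)
{
    char *end;
    errno = 0;
    long long raw = strtoll(token, &end, 10);
    if (end == token || errno == ERANGE)
        return -1;                          /* not a number, or overflow */
    if (*end != '\0' && *end != '/')
        return -1;                          /* junk after the digits */
    if (raw > 0) {
        if ((unsigned long long)raw > vertex_count)
            return -1;                      /* past the last vertex */
        *out = (size_t)raw - 1;
    } else if (raw < 0) {
        unsigned long long back = 0ULL - (unsigned long long)raw;
        if (back > vertex_count)
            return -1;                      /* before the first vertex */
        *out = vertex_count - (size_t)back;
    } else {
        return -1;                          /* 0 is never a valid index */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: three vertices, then face tokens from a file. */
    const float vertices[3][3] = {{0, 0, 0}, {1, 0, 0}, {0, 1, 0}};
    const char *tokens[] = {"1", "3/1/2", "-1", "4", "-4", "0", "2x"};
    for (size_t i = 0; i < sizeof tokens / sizeof tokens[0]; i++) {
        size_t idx;
        if (resolve_obj_index(tokens[i], 3, &idx) == 0)
            printf("%-6s -> vertex %zu (%.0f %.0f %.0f)\n", tokens[i], idx,
                   vertices[idx][0], vertices[idx][1], vertices[idx][2]);
        else
            printf("%-6s -> rejected\n", tokens[i]);
    }
    return 0;
}
```

The vertex array is only indexed after the token has been resolved and range-checked, so a file-supplied index can never reach the buffer unvalidated.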
Affected Versions of Products:
Product | Affected Version | Fixed Version
ContextCapture Viewer | <= 10.18.00.236 | >= 10.19.0.580
Recommended Mitigations
Update to the latest version of the product. Only open OBJ files coming from a trusted source.
Acknowledgement
Thanks to Francis Provencher {PRL} through the TrendMicro ZDI program.
Revision History
Date | Description
November 15, 2021 | First version of the advisory