CVE-2021-34873: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A vulnerability was discovered in Bentley View PDF file parsing functionality that allows remote attackers to execute arbitrary code on affected installations. The vulnerability (CVE-2021-34873) was reported on August 11, 2021, and publicly disclosed on December 8, 2021. The vulnerability affects Bentley View versions prior to 10.16.02.* (ZDI Advisory, Bentley Advisory).

The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). User interaction is required to exploit this vulnerability as the target must visit a malicious page or open a malicious file (ZDI Advisory).

An attacker can leverage this vulnerability to execute code in the context of the current process. This could potentially lead to unauthorized access, data manipulation, or system compromise on affected installations (ZDI Advisory).

Bentley has issued an update to correct this vulnerability in version 10.16.02.* and more recent versions. As a general best practice, it is recommended to only open PDF files coming from trusted sources (Bentley Advisory).