CVE-2021-34874: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A remote code execution vulnerability was discovered in Bentley View version 10.15.0.75, identified as CVE-2021-34874. The vulnerability was disclosed on December 8, 2021, and affects the application's handling of 3DS files. This security flaw requires user interaction, specifically opening a malicious file or visiting a malicious page, to be exploited (ZDI Advisory).

The vulnerability exists within the processing of 3DS files and stems from improper validation of user-supplied data, which can result in a memory corruption condition. The issue has been assigned a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory, Bentley Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise at the level of the affected application's privileges (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. Users are recommended to update to the latest version of the software. Additionally, as a general best practice, it is recommended to only open 3DS files from trusted sources (Bentley Advisory).