CVE-2021-34879: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in Bentley View's J2K file parsing functionality, identified as CVE-2021-34879. The vulnerability was reported on August 11, 2021, and publicly disclosed on December 8, 2021. This security flaw affects Bentley View installations and requires user interaction to exploit (ZDI Advisory).

The vulnerability exists within the parsing of J2K files in Bentley View. The specific issue results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory, Bentley Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically opening a malicious file or visiting a malicious page (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. Users are recommended to update to the latest versions of MicroStation and MicroStation-based applications. As a general best practice, it is also recommended to only open J2K files coming from trusted sources (Bentley Advisory).