CVE-2021-34912: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-34912 is a vulnerability in Bentley View affecting JT file parsing functionality. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on December 8, 2021. The issue affects Bentley View versions prior to 10.16.02.* (ZDI Advisory, Bentley Advisory).

The vulnerability is an out-of-bounds read issue that exists within the parsing of JT files. When parsing JT files, the application can trigger a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicating high severity (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically opening a maliciously crafted JT file (ZDI Advisory).

Bentley has released version 10.16.02.* to address this vulnerability. Users are recommended to update to the latest version of Bentley View. As an additional security measure, users should only open JT files from trusted sources (Bentley Advisory).