CVE-2021-34924: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-34924 is a remote code execution vulnerability discovered in Bentley View software, specifically affecting the JT file parsing functionality. The vulnerability was disclosed on December 8, 2021, and was discovered by Mat Powell of Trend Micro Zero Day Initiative. The vulnerability affects versions of Bentley View prior to 10.16.02.* (ZDI Advisory, Bentley Advisory).

The vulnerability is characterized by an out-of-bounds write condition that occurs during the parsing of JT files. When processing crafted data in a JT file, the application can trigger a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. This means an attacker could potentially gain the same privileges as the application running the vulnerable code (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. Users are recommended to update to the latest version of the software. As an additional security measure, it is recommended to only open JT files from trusted sources (Bentley Advisory).