CVE-2021-34941: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-34941) affects Bentley View software and involves a stack-based buffer overflow in JT file parsing functionality. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and disclosed on December 8, 2021. The vulnerability has a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (ZDI Advisory).

The vulnerability exists within the parsing of JT files. The specific flaw results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (ZDI Advisory, Bentley Advisory).

A successful exploit could allow an attacker to execute arbitrary code in the context of the current process. This means an attacker could potentially take control of the affected system with the same privileges as the user running the vulnerable application (ZDI Advisory).

Bentley has issued an update to address this vulnerability. Users should update to version 10.16.02.* or more recent versions of Bentley View and MicroStation-based applications. As a general best practice, it is recommended to only open JT files from trusted sources (Bentley Advisory).