CVE-2021-46574: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2021-46574) was discovered in Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability exists within the parsing of JT files, where crafted data can trigger a write past the end of an allocated buffer. This vulnerability requires user interaction, specifically opening a malicious file or visiting a malicious page (Zero Day Initiative, Bentley Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw involves an out-of-bounds write vulnerability during JT file parsing. When exploited, the vulnerability allows attackers to write data beyond the bounds of an allocated buffer, which can lead to arbitrary code execution in the context of the current process (Zero Day Initiative).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise at the privilege level of the affected application (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should upgrade to MicroStation version 10.16.02 or later. Additionally, as a general best practice, it is recommended to only open JT files from trusted sources (Bentley Advisory).