CVE-2021-46576: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-46576 is a vulnerability affecting Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability as the target must visit a malicious page or open a malicious file (NVD, ZDI Advisory).

The vulnerability exists within the parsing of JT files. Specifically, crafted data in a JT file can trigger a write past the end of an allocated buffer. The vulnerability is classified as CWE-787 (Out-of-bounds Write) and has been assigned a CVSS v3.1 base score of 7.8 HIGH (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD, ZDI Advisory).

An attacker can leverage this vulnerability to execute code in the context of the current process, potentially gaining the same privileges as the application running the vulnerable code (ZDI Advisory).

Bentley has issued an update to correct this vulnerability. Users should update to version 10.16.02 or later of the affected software. As a general best practice, it is recommended to only open JT files coming from trusted sources (Bentley Advisory).