CVE-2021-46633: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-46633) was discovered in Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability exists within the parsing of PDF files and was discovered by Mat Powell of Trend Micro Zero Day Initiative (identified as ZDI-CAN-15463) (Zero Day Initiative, Vendor Advisory).

The vulnerability stems from the lack of validating the existence of an object prior to performing operations on the object during PDF file parsing. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically the target must open a malicious file (Zero Day Initiative).

Bentley has issued an update to address this vulnerability. Users should upgrade to version 10.16.02 or later of MicroStation and MicroStation-based applications. As a general best practice, it is recommended to only open PDF files from trusted sources (Vendor Advisory).