CVE-2021-46640: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46640) affects Bentley View version 10.15.0.75 and allows remote attackers to execute arbitrary code. The vulnerability requires user interaction, specifically opening a malicious file or visiting a malicious page. The vulnerability exists within the parsing of DGN files, where crafted data can trigger a write past the end of an allocated buffer (Zero Day Initiative, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of DGN files, where crafted data can trigger an out-of-bounds write vulnerability (CWE-787). This buffer overflow condition can be exploited to execute arbitrary code in the context of the current process (Zero Day Initiative, Bentley Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (Zero Day Initiative).

Bentley has released version 10.16.02 to address this vulnerability. Users are recommended to update to this or a more recent version. As a general best practice, it is also recommended to only open DGN files from trusted sources (Bentley Advisory).