CVE-2023-44430: 
Bentley View vulnerability analysis and mitigation

A use-after-free remote code execution vulnerability was discovered in Bentley View's SKP file parsing functionality (CVE-2023-44430). The vulnerability was reported on October 6, 2022, and publicly disclosed on January 8, 2024. This security flaw affects Bentley View installations and requires user interaction to exploit, specifically opening a malicious file or visiting a malicious page (ZDI Advisory).

The vulnerability exists within the parsing of SKP files in Bentley View. The specific issue stems from the lack of validation when checking the existence of an object before performing operations on it. The vulnerability has been assigned a CVSS v3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with potential for significant impact (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates that successful exploitation could lead to complete compromise of the affected system's confidentiality, integrity, and availability (ZDI Advisory).

Bentley has released an update to address this vulnerability. Users are advised to apply the latest security updates provided by Bentley to protect against potential exploitation (ZDI Advisory).