All Advisories / BE-2021-0001

BE-2021-0001

BE-2021-0001: Out-of-Bounds Read in ContextCapture Viewer

Bentley ID: BE-2021-0001
CVE ID: CVE-2021-34984, CVE-2021-34985
Severity: 3.3
CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Publication date: 2021-11-15
Revision date: 2021-11-15

Summary
A crafted OBJ file can force ContextCapture Viewer to read outside the boundaries of an allocated object. An attacker can leverage this with other vulnerabilities to execute arbitrary code.

Details
This was discovered by TrendMicro ZDI, ref ZDI-CAN-14784 and ZDI-CAN-14785. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture Viewer. User interaction is required to exploit this vulnerability since the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Affected Versions

Applications Affected Versions Mitigated Versions
ContextCapture Viewer <= 10.18.00.236 >=10.19.0.580

 

Recommended Mitigations
Update to the latest version of the product. Only open OBJ files coming from a trusted source.

Acknowledgement
Thanks to Francis Provencher {PRL} through the TrendMicro ZDI program.

Revision History

Date Description
2021-11-15 First version of this advisory

20% Off Bentley Software

Deal Ends Friday

Use Coupon Code "THANKS24"

Celebrate Infrastructure Delivery & Performance Excellence

The 2024 Year in Infrastructure
and Going Digital Awards

Nominate a project for the most prestigious awards in infrastructure! Extended deadline to enter is April 29th.