Home / Common Vulnerability Exposure BE-2021-0001

BE-2021-0001 Out-of-Bounds Read in ContextCapture Viewer

Bentley ID: BE-2021-0001
CVE ID: CVE-2021-34984, CVE-2021-34985
Severity: 3.3 (Low)
CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Publication date: November 15, 2021
Revision date: November 15, 2021 

Summary 

A crafted OBJ file can force ContextCapture Viewer to read outside the boundaries of an allocated object. An attacker can leverage this with other vulnerabilities to execute arbitrary code.

Details

This was discovered by TrendMicro ZDI, ref ZDI-CAN-14784 and ZDI-CAN-14785

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture Viewer. User interaction is required to exploit this vulnerability since the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Affected Versions of Products

Product Affected Version Fixed Version
ContextCapture Viewer <= 10.18.00.236 >=10.19.0.580

Recommended Mitigations

Update to the latest version of the product. Only open OBJ files coming from a trusted source.

Acknowledgement

Thanks to Francis Provencher {PRL} through the TrendMicro ZDI program.

Revision History

Date Description
November 15, 2021 First version of the advisory