CVE-2021-46641 in Viewinfo

Summary

by MITRE • 02/18/2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN file. Crafted data in a DNG file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15513.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Zero Day Initiative

Reservation

01/26/2022

Disclosure

02/18/2022

Moderation

accepted

Entry

VDB-193482

CPE

ready

CWE

CWE-125 (confirmed)

CVSS

7.8 (CNA)

EPSS

0.01955

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-46641
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-46641
CVE Details	https://www.cvedetails.com/cve/CVE-2021-46641/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!