CVE-2022-28307 in Viewinfo

Summary

by MITRE • 03/29/2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16306.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/17/2026

The vulnerability identified as CVE-2022-28307 represents a critical buffer overread flaw in Bentley View version 10.16.02.022, a widely used desktop application for viewing and editing engineering design files. This issue falls under the CWE-125 vulnerability category, which specifically addresses out-of-bounds read conditions that occur when a program attempts to access memory beyond the boundaries of a buffer. The vulnerability manifests during the parsing of DXF (Drawing Exchange Format) files, which are standard file formats used for exchanging digital design data between different computer-aided design applications. The flaw is particularly concerning because it enables remote code execution when users interact with maliciously crafted DXF files, making it a prime target for social engineering attacks and supply chain compromises.

The technical implementation of this vulnerability stems from inadequate input validation within the DXF file parser component of Bentley View. When processing specially crafted DXF files, the application fails to properly bounds-check data structures during parsing operations, leading to a situation where the program reads memory locations beyond the allocated buffer boundaries. This buffer overread condition creates a predictable memory access pattern that attackers can exploit to manipulate program execution flow. The vulnerability requires user interaction to be successfully exploited, meaning that victims must either visit a malicious webpage hosting the compromised DXF file or open the file directly from their local system. This requirement significantly reduces the attack surface compared to fully automated exploits but still leaves users vulnerable through targeted phishing campaigns or malicious file sharing.

The operational impact of CVE-2022-28307 extends beyond simple code execution capabilities, as it allows attackers to operate within the security context of the currently running Bentley View process. This privilege escalation scenario means that successful exploitation could lead to complete system compromise, especially if the application is running with elevated privileges. The vulnerability's classification aligns with ATT&CK technique T1203, which covers exploitation for arbitrary code execution, and T1059, which involves command and scripting interpreter usage. Attackers could leverage this vulnerability to establish persistent access, deploy additional malware, or conduct reconnaissance activities within the compromised environment. Organizations using Bentley View for engineering and design work face particular risk, as these applications often handle sensitive intellectual property and critical infrastructure designs that could be targeted by sophisticated adversaries.

Mitigation strategies for CVE-2022-28307 should prioritize immediate software updates from Bentley Systems, which would contain the patched DXF file parsing routines. Organizations should also implement defensive measures including user education about the risks of opening untrusted DXF files, network-based filtering of malicious file types, and endpoint protection solutions that can detect anomalous behavior patterns associated with buffer overread exploits. Additionally, security teams should consider implementing application whitelisting policies to restrict execution of unauthorized software and monitor for suspicious file access patterns that might indicate exploitation attempts. The vulnerability serves as a reminder of the importance of robust input validation and memory safety practices in commercial software applications, particularly those handling complex file formats that are prone to malformed data injection attacks. Organizations should also conduct thorough vulnerability assessments of their engineering design workflows to identify other potential attack vectors that might leverage similar parsing vulnerabilities in their software ecosystems.

Reservation

03/31/2022

Disclosure

03/29/2023

Moderation

accepted

CPE

ready

EPSS

0.00951

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!