CVE-2020-6099

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through a heap buffer overflow when Graphisoft BIMx Desktop Viewer parses malicious files. Attackers can execute arbitrary code on the victim's system by tricking users into opening specially crafted files. Users of BIMx Desktop Viewer 2019.2.2328 are affected.

💻 Affected Systems

Products:
  • Graphisoft BIMx Desktop Viewer
Versions: 2019.2.2328
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when parsing BIMx files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing an attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation leading to data theft or ransomware deployment.

🟢 If Mitigated

Limited impact if file execution is blocked or the application runs with minimal privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (the victim must open the malicious file) but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: versions later than 2019.2.2328

Vendor Advisory: https://www.graphisoft.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Download the latest BIMx Desktop Viewer from the Graphisoft website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Block BIMx file execution (windows)

Prevent execution of .bimx files through application control or group policy.

Using AppLocker: create a new rule that blocks BIMxDesktopViewer.exe.

Run with reduced privileges (windows)

Configure BIMx to run with standard user privileges instead of administrator.

Set the application compatibility mode to 'Run as invoker' in the shortcut properties.

🧯 If You Can't Patch

  • Disable BIMx file associations and use alternative viewers
  • Implement application whitelisting to block BIMx execution

🔍 How to Verify

Check if Vulnerable:

Check Help > About in BIMx Desktop Viewer; version 2019.2.2328 is the vulnerable release.

Check Version:

wmic product where name="BIMx Desktop Viewer" get version

The name in the where clause must match the product name registered by the installer exactly (as shown in Programs and Features), and Win32_Product only lists MSI-installed products, so fall back to the About dialog if the query returns nothing.

Verify Fix Applied:

Verify that the installed version shown in the About dialog is newer than 2019.2.2328.

📡 Detection & Monitoring

Log Indicators:

  • Application crash events in the Windows Event Log for the BIMx process
  • Unexpected child processes spawned by BIMx

Network Indicators:

  • Outbound connections from BIMx to unknown IPs post-file-open

SIEM Query:

Process Creation where Image contains "BIMx" and CommandLine contains suspicious patterns
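The two log indicators above (a document viewer spawning a shell or script host, and the viewer opening outbound connections after a file is loaded) can be turned into a concrete check. The script below is an added example, not part of this advisory; it runs over constructed, Sysmon-style JSON process-creation (Event ID 1) and network-connection (Event ID 3) records, and the field names, install path and the list of "suspicious" child processes are assumptions.

```python
import ipaddress
import json

BIMX_IMAGE = "bimxdesktopviewer.exe"  # process name from the AppLocker workaround above
# Assumption: a file viewer has no reason to launch shells, script hosts or LOLBins.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Assumption: connections to these ranges are "known"; anything else is reported.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed Sysmon-style events (assumed field names, constructed install path,
# documentation/RFC 1918 addresses). Raw strings keep the JSON backslash escapes intact.
SAMPLE_LOG = [
    r'{"EventID":1,"Image":"C:\\Program Files\\BIMx\\BIMxDesktopViewer.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"BIMxDesktopViewer.exe model.bimx"}',
    r'{"EventID":1,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Program Files\\BIMx\\BIMxDesktopViewer.exe","CommandLine":"powershell.exe -NoProfile"}',
    r'{"EventID":3,"Image":"C:\\Program Files\\BIMx\\BIMxDesktopViewer.exe","Initiated":true,"DestinationIp":"203.0.113.10","DestinationPort":443}',
    r'{"EventID":3,"Image":"C:\\Program Files\\BIMx\\BIMxDesktopViewer.exe","Initiated":true,"DestinationIp":"10.0.0.5","DestinationPort":445}',
    r'{"EventID":1,"Image":"C:\\Windows\\System32\\notepad.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"notepad.exe"}',
]

def _basename(path):
    """Lower-cased file name of a Windows path, so image matching is case-insensitive."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _is_internal(ip):
    """True if ip falls in one of INTERNAL_NETS; unparsable values are treated as unknown."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def analyse(lines):
    """Return (event_id, reason) tuples for events matching the advisory's indicators."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        eid = rec.get("EventID")
        if eid == 1 and _basename(rec.get("ParentImage", "")) == BIMX_IMAGE:
            child = _basename(rec.get("Image", ""))
            if child in SUSPICIOUS_CHILDREN:  # viewer spawned a shell/script host
                alerts.append((1, f"BIMx spawned {child}: {rec.get('CommandLine', '')}"))
        elif eid == 3 and _basename(rec.get("Image", "")) == BIMX_IMAGE and rec.get("Initiated"):
            dst = rec.get("DestinationIp", "")
            if not _is_internal(dst):  # viewer talking to an address outside known ranges
                alerts.append((3, f"BIMx outbound to {dst}:{rec.get('DestinationPort')}"))
    return alerts

if __name__ == "__main__":
    for eid, reason in analyse(SAMPLE_LOG):
        print(f"[Sysmon {eid}] {reason}")
```

On the sample input only the PowerShell child and the connection to 203.0.113.10 are reported; the viewer's own launch, the internal SMB connection and the unrelated notepad.exe event are not.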
