Login Sign Up

CVE-2021-34872

7.8 HIGH
Remote Code Execution

📋 TL;DR

CVE-2021-34872 is a use-after-free vulnerability in Bentley View that allows remote code execution when users open malicious SKP files. Attackers can exploit this to execute arbitrary code with the privileges of the current user. Users of Bentley View 10.15.0.75 who open untrusted SKP files are affected.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Bentley View, not other Bentley products. Requires user to open malicious SKP file.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious SKP files from untrusted sources.

🟢

If Mitigated

No impact if users only open trusted SKP files or if the application is patched.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via email, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal file shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once malicious SKP file is opened. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0014

Restart Required: Yes

Instructions:

1. Download latest Bentley View installer from Bentley website. 2. Run installer. 3. Restart computer after installation completes.

🔧 Temporary Workarounds

Disable SKP file association

windows

Remove Bentley View as default handler for .skp files to prevent automatic opening

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .skp > Change program > Choose another application

Block SKP files at perimeter

all

Configure email/web gateways to block .skp file attachments

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Educate users to never open SKP files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version: Open Bentley View > Help > About Bentley View

Check Version:

Not applicable - check via GUI only

Verify Fix Applied:

Verify version is 10.16.02 or higher in About dialog

📡 Detection & Monitoring

Log Indicators:

  • Process creation from Bentley View with unusual command lines
  • Bentley View crashes when opening SKP files

Network Indicators:

  • Outbound connections from Bentley View to unusual IPs/domains

SIEM Query:

Process Creation where Image contains 'Bentley View' and CommandLine contains unusual patterns

📊 Metadata

CVE ID: CVE-2021-34872
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: January 13, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34872, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)