CVE-2021-34903 – CVE-2021-34903 is a buffer overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2021-34903?

CVE-2021-34903 has a CVSS score of 7.8 (HIGH). CVE-2021-34903 is a buffer overflow vulnerability in Bentley View's BMP file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious BMP files or visiting malicious web pages. This affects Bentley View 10.15.0.75 users who process untrusted BMP files.

📋 TL;DR

CVE-2021-34903 is a buffer overflow vulnerability in Bentley View's BMP file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious BMP files or visiting malicious web pages. This affects Bentley View 10.15.0.75 users who process untrusted BMP files.

💻 Affected Systems

Products:

Bentley View

Versions: 10.15.0.75

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the default BMP file parser. Users must open malicious files or visit malicious pages to trigger exploitation.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Attacker executes arbitrary code in the context of the current user, potentially installing malware, stealing sensitive data, or using the system as a foothold for further attacks.

🟢

If Mitigated

Limited impact with proper security controls - potentially application crash or denial of service if exploit fails, but no code execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction but is technically straightforward once malicious file is opened. ZDI-CAN-14876 reference suggests detailed analysis exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version after 10.15.0.75

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0002

Restart Required: Yes

Instructions:

1. Download latest Bentley View version from official Bentley website. 2. Run installer with administrative privileges. 3. Restart system after installation completes.

🔧 Temporary Workarounds

Disable BMP file association

windows

Remove Bentley View as default handler for .bmp files to prevent automatic exploitation

Control Panel > Default Programs > Set Associations > Find .bmp > Change to another program

Application control policy

windows

Block execution of Bentley View from untrusted locations or network shares

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized code execution
Use network segmentation to isolate Bentley View systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is updated beyond 10.15.0.75 in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Application crashes from Bentley View
Unusual process creation from Bentley View executable
Multiple failed attempts to open corrupted BMP files

Network Indicators:

Downloads of BMP files from untrusted sources
Outbound connections from Bentley View to suspicious IPs

SIEM Query:

Process Creation where Image contains 'Bentley View' AND Parent Process not in (explorer.exe, cmd.exe)

📊 Metadata

CVE ID: CVE-2021-34903

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 13, 2022

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0002 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1492/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0002 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1492/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34903, you might also want to check these: