CVE-2021-46625 – CVE-2021-46625 is a double-free vulnerability i... (How to Fix)

Q: What is the severity of CVE-2021-46625?

CVE-2021-46625 has a CVSS score of 7.8 (HIGH). CVE-2021-46625 is a double-free vulnerability in Bentley View's JT file parser that allows remote code execution when a user opens a malicious JT file or visits a malicious webpage. Attackers can exploit this to execute arbitrary code with the privileges of the current user. This affects users of Bentley View 10.15.0.75 who open untrusted JT files.

📋 TL;DR

CVE-2021-46625 is a double-free vulnerability in Bentley View's JT file parser that allows remote code execution when a user opens a malicious JT file or visits a malicious webpage. Attackers can exploit this to execute arbitrary code with the privileges of the current user. This affects users of Bentley View 10.15.0.75 who open untrusted JT files.

💻 Affected Systems

Products:

Bentley View

Versions: 10.15.0.75

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the JT file parser component. All installations of the affected version are vulnerable when processing JT files.

📦 What is this software?

Microstation by Bentley

View all CVEs affecting Microstation →

View by Bentley

View all CVEs affecting View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious JT files from untrusted sources.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only application crash.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web downloads or email attachments.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal file shares.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-15455).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download latest Bentley View installer from official Bentley website. 2. Run installer as administrator. 3. Follow installation prompts. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

windows

Remove Bentley View as default handler for .jt files to prevent automatic exploitation

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application

Application sandboxing

windows

Run Bentley View in restricted environment using application control solutions

🧯 If You Can't Patch

Implement strict file type filtering on email gateways and web proxies to block .jt files
Educate users to never open JT files from untrusted sources and implement least privilege principles

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75, system is vulnerable.

Check Version:

In Bentley View: Help > About, or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\Bentley\Bentley View\Version

Verify Fix Applied:

Verify version is 10.16.02 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Application crashes in Bentley View with access violation errors
Unexpected process creation from Bentley View executable

Network Indicators:

Downloads of .jt files from suspicious sources
Outbound connections from Bentley View to unknown IPs

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' AND ParentImage contains 'explorer.exe' AND CommandLine contains '.jt'

📊 Metadata

CVE ID: CVE-2021-46625

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-415

Published: February 18, 2022

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-212/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-212/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46625, you might also want to check these: