CVE-2022-43655
📋 TL;DR
A heap-based buffer overflow vulnerability in Bentley View's FBX file parser allows remote attackers to execute arbitrary code when users open malicious FBX files. This affects users of Bentley View software who process untrusted FBX files. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Bentley View
📦 What is this software?
View by Bentley
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Bentley View process, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation on the affected workstation, potentially leading to credential theft or data exfiltration.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash but no code execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). The vulnerability is well-documented and weaponization is likely given the RCE potential.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.16.02 and later
Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/CVE-2022-43655
Restart Required: Yes
Instructions:
1. Download Bentley View version 10.16.02 or later from the official Bentley website.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.
🔧 Temporary Workarounds
Disable FBX file association
Windows: Remove Bentley View as the default handler for FBX files to prevent automatic opening
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .fbx > Change program > Choose different application
Application sandboxing
All platforms: Run Bentley View in a restricted environment or sandbox
🧯 If You Can't Patch
- Implement strict file type filtering at email gateways and web proxies to block FBX files
- Educate users to never open FBX files from untrusted sources and implement application whitelisting
🔍 How to Verify
Check if Vulnerable:
Check Bentley View version in Help > About. If version is earlier than 10.16.02, the system is vulnerable.
Check Version:
In Bentley View: Help > About, or check installed programs in Control Panel
Verify Fix Applied:
Verify version is 10.16.02 or later in Help > About and test opening known safe FBX files to ensure functionality.
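To check many workstations at once, the same version test can be run over a software-inventory export. This is an added example, not part of the vendor advisory or any Bentley tooling; the CSV columns (host, product, version), the product name string and the sample rows are assumptions. It compares versions numerically because a plain string comparison would rank 10.9.0 above 10.16.02.

```python
import csv
import io
import re

FIXED = (10, 16, 2)  # "10.16.02", the patched release named on this page

def parse_version(text):
    """'10.16.02.22' -> (10, 16, 2, 22); None when the string is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(version_text):
    """True below the fixed release, False at or above it, None if unparsable."""
    found = parse_version(version_text)
    if found is None:
        return None
    # Pad with zeros so 10.16.2 and 10.16.02.0 compare equal to the fix.
    width = max(len(found), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(FIXED)

def audit(inventory_csv, product="Bentley View"):
    """Return (host, version, status) for every row matching the product."""
    labels = {True: "VULNERABLE", False: "patched", None: "unknown"}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != product.lower():
            continue
        findings.append((row["host"], row["version"],
                         labels[is_vulnerable(row["version"])]))
    return findings

# Constructed sample export; hosts and version strings are made up.
SAMPLE = """host,product,version
ws-01,Bentley View,10.16.02.22
ws-02,Bentley View,10.16.01.56
ws-03,Bentley View,10.9.0
ws-04,Other Viewer,1.0
ws-05,Bentley View,n/a
"""

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE):
        print(f"{host}\t{version}\t{status}")
```

Rows reported as unknown should be checked by hand in Help > About rather than treated as patched.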
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected process creation from Bentley View executable
- Failed attempts to open corrupted FBX files
Network Indicators:
- Downloads of FBX files from suspicious sources
- Outbound connections from Bentley View to unknown IPs
SIEM Query:
(source="bentley_view.log" AND (event="crash" OR event="memory_access_violation")) OR (process_name="bentleyview.exe" AND child_process_created=true)