CVE ID: CVE-2021-46612 CVSS Score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Affected Vendors: Bentley Affected Products: MicroStation CONNECT Vulnerability Details: - Allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. - Requires user interaction (e.g., visiting a malicious page or opening a malicious file). - Flaw exists in the parsing of PDF files, triggering a read past the end of an allocated buffer. Additional Details: Vendor has issued an update. More details at Disclosure Timeline: - 2021-10-01: Vulnerability reported to vendor - 2022-01-31: Coordinated public release of advisory Credit: Mat Powell of Trend Micro Zero Day Initiative