CVE-2021-31496

Vulnerability

This vulnerability resides in the DXF file parsing component of OpenText Brava! Desktop version 16.6.3.84. The issue stems from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. User interaction is required to trigger the vulnerability, as the target must visit a malicious page or open a malicious file [1].

Exploitation

An attacker can exploit this vulnerability by crafting a specially crafted DXF file and convincing a user to open it, either by visiting a malicious webpage or opening the file directly. No authentication or special network position is required; the attacker only needs to deliver the malicious file to the user. Upon parsing the malformed DXF data, the Brava! Desktop application performs an out-of-bounds write, which can be leveraged to achieve code execution [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. This can lead to full compromise of confidentiality, integrity, and availability, as the attacker gains the same privileges as the logged-on user. The CVSS score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [1].

Mitigation

As of the publication date (June 15, 2021), no official patch has been released by OpenText for this vulnerability. The ZDI advisory notes that the disclosure follows the 120-day deadline without a vendor fix [1]. Users are advised to limit exposure by avoiding opening untrusted DXF files and considering the use of alternative software or sandboxing until a patch becomes available.