Attacker Value
Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
0

CVE-2018-14581

Disclosure Date: July 31, 2018
CVE-2018-14581 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.

Add Assessment

2
Ratings
  • Attacker Value
    Low
  • Exploitability
    High
Easy to weaponizeUnauthenticatedVulnerable in default configurationRequires user interaction
Technical Analysis

A crafted .RESX file can be used to execute code when deserialized by .NET reflector. The attacker would need to generate the .RESX file, compile it into a .RESOURCES file, before combining that with a C# executable to create a malicious binary.

The binary would then need to be opened by the target user in .NET reflector and inspected (it looks like by expanding a node within the tree view) in order to cause the resource to be deserialized and the code to be executed. The resulting execution context would be as the user inspecting the file.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • red-gate

Products

  • .net reflector,
  • smartassembly
Technical Analysis