CVE-2018-14581
HIGHRedgate .NET Reflector < 10.0.7.774 and SmartAssembly < 6.12.5 - Remote Code Execution via Embedded Resource File
Title source: llmDescription
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes
Release Notes, Vendor Advisory x_refsource_confirm
https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes
Exploit, Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisories
Scores
CVSS v3
7.8
EPSS
0.0184
EPSS Percentile
76.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
red-gate/.net_reflector
< 10.0.7.774
red-gate/smartassembly
< 6.12.5
Published
Jul 31, 2018
Tracked Since
Feb 18, 2026