PT-2018-12882 · Progress Telerik · Justassembly+1

Published: 2018-08-16 · Updated: 2018-10-15 · CVE-2018-15122

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Progress Telerik JustAssembly versions through 2018.1.323.2
Progress Telerik JustDecompile versions through 2018.2.605.0

Description

An issue in Progress Telerik JustAssembly and JustDecompile makes it possible to execute code by decompiling a compiled .NET object with an embedded resource file. This can be achieved by clicking on the resource.

Recommendations

For Progress Telerik JustAssembly versions through 2018.1.323.2, avoid decompiling compiled .NET objects with embedded resource files until a fix is available.

For Progress Telerik JustDecompile versions through 2018.2.605.0, consider restricting access to the decompilation feature for .NET objects with embedded resources as a temporary mitigation measure.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-15122

Affected Products

Justassembly
Justdecompile