Vulnerability Description
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red-Gate | .Net Reflector | < 10.0.7.774 |
| Red-Gate | Smartassembly | < 6.12.5 |
Related Weaknesses (CWE)
References
- https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reRelease NotesVendor Advisory
- https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassRelease NotesVendor Advisory
- https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-ExploitThird Party Advisory
- https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reRelease NotesVendor Advisory
- https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassRelease NotesVendor Advisory
- https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-ExploitThird Party Advisory
FAQ
What is CVE-2018-14581?
CVE-2018-14581 is a vulnerability with a CVSS score of 7.8 (HIGH). Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded reso...
How severe is CVE-2018-14581?
CVE-2018-14581 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14581?
Check the references section above for vendor advisories and patch information. Affected products include: Red-Gate .Net Reflector, Red-Gate Smartassembly.