Code Execution Vulnerability in Progress Telerik JustAssembly and JustDecompile
CVE-2018-15122

7.8HIGH

Key Information:

Vendor: Telerik
Status: Justdecompile; Justassembly
Vendor: CVE Published:; 16 August 2018

What is CVE-2018-15122?

A vulnerability in Progress Telerik JustAssembly and JustDecompile allows attackers to execute arbitrary code by exploiting the decompilation of embedded resource files within compiled .NET objects, such as DLLs or EXEs. By clicking on the resource, an attacker can trigger the execution of malicious code, potentially compromising the integrity and security of the application.

References

https://docs.telerik.com/devtools/justdecompile/knowledge...

x_refsource_CONFIRM

https://www.telerik.com/support/whats-new/justdecompile/r...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2018
Vulnerability Reserved
Aug 6, 2018