Exploit.MSIL.CVE-2019-18935

Parent class: Malware

Malicious tools are malicious programs designed to automatically create viruses, worms, or Trojans, conduct DoS attacks on remote servers, hack other computers, etc. Unlike viruses, worms, and Trojans, malware in this subclass does not present a direct threat to the computer it runs on, and the program’s malicious payload is only delivered on the direct order of the user.

Read more

Class: Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes. Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user. Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.

Read more

Platform: MSIL

The Common Intermediate Language (formerly known as Microsoft Intermediate Language, or MSIL) is an intermediate language developed by Microsoft for the .NET Framework. CIL code is generated by all Microsoft .NET compilers in Microsoft Visual Studio (Visual Basic .NET, Visual C++, Visual C#, and others).

Description

Progress Telerik for ASP.NET AJAX 2019.3.1022 and its earlier versions contain .NET deserialization vulnerability in the RadAsyncUpload function. This vulnerability can be used if the cryptographic keys become known to the attacker due to CVE-2017-11317, CVE-2017-11357, or other vulnerabilities. Exploiting this vulnerability can allow remote code execution.

Top 10 countries with most attacked users (% of total attacks)

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com