Progress Telerik for ASP.NET AJAX 2019.3.1022 and its earlier versions contain .NET deserialization vulnerability in the RadAsyncUpload function. This vulnerability can be used if the cryptographic keys become known to the attacker due to CVE-2017-11317, CVE-2017-11357, or other vulnerabilities. Exploiting this vulnerability can allow remote code execution.
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware