CVE-2018-14581

Name: CVE-2018-14581
Creator: NVD / NIST
Published: 2018-07-31T14:29:00.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.84%

Last modified Jun 17, 2026

CVE-2018-14581 is a vulnerability of currently unknown severity. Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.. EPSS estimates a 1.84% chance of exploitation in the next 30 days.

Description

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.

Metrics

EPSS Probability

1.84%

76.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Red-Gate	.Net Reflector	< 10.0.7.774
Red-Gate	Smartassembly	< 6.12.5

References

https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notesRelease Notes, Vendor Advisory
https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notesRelease Notes, Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisoriesExploit, Third Party Advisory
https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notesRelease Notes, Vendor Advisory
https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notesRelease Notes, Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisoriesExploit, Third Party Advisory

Timeline

Published: Jul 31, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-14581?

How severe is CVE-2018-14581?

Severity scoring for CVE-2018-14581 is pending analysis. The EPSS model estimates a 1.84% probability of exploitation in the next 30 days.

How do I fix CVE-2018-14581?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-14581?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST