all InfoSec news
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS or .rdx formatted files to execute arbitrary commands on the victim's target device.
Description
R supports data serialization, which is the process of turning R objects and data into a format that can then …
arbitrary code arbitrary code execution attacker can code code execution data deserialization exploited files language programming programming language rds rdx serialization untrusted vulnerability vulnerable