News

Serialization is the process of saving an object's state to a sequence of bytes; deserialization is the process of rebuilding those bytes into a live object. The Java Serialization API provides a ...
Just like with Java apps, the flaw is in how .NET libraries handle serialized data during deserialization, allowing an attacker to sneak in code that gets executed on a target's machine.
A Java serialization vulnerability disclosed more than a year ago was expected to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections ...