Since the early Remote Method Invocation (RMI) and CORBA implementations, serialization and deserialization have been the standard mechanism for transferring object state from one endpoint to another. They occur in in-process, inter-process and network communication, between the same or different frameworks.
There are APIs which deserialize previously serialized class instances directly from a byte stream, such as the BinaryFormatter call below:

```csharp
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

// Vulnerable pattern: the file path comes from the user, so the attacker
// controls every byte that BinaryFormatter will turn back into objects.
BinaryFormatter serializer = new BinaryFormatter();
byte[] content = File.ReadAllBytes(userInputFilePath);
MemoryStream ms = new MemoryStream(content);
// BinaryFormatter instantiates whatever types the stream names, and runs their
// deserialization callbacks, before this cast is ever evaluated.
OrderedItem i = (OrderedItem) serializer.Deserialize(ms);
i.Register();
```

The code above reads a user-supplied file, deserializes its contents, casts the result to OrderedItem and calls its Register method. Because BinaryFormatter reconstructs whatever types the stream names and invokes their deserialization logic (deserialization constructors and callbacks) while Deserialize is still running, an attacker who supplies a crafted serialized object graph can execute arbitrary code before the cast to OrderedItem or the Register call is reached; a failed cast afterwards does not undo the damage.
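The following is an added example, not code from the original page, showing how the same operation is written so that the input can no longer choose which types get instantiated: the caller fixes the target type, a format that carries no type names (System.Text.Json) is used instead of BinaryFormatter, and the result is size-capped and validated before Register runs. The names OrderedItem, Register, LoadOrder and the file layout are assumptions for illustration.

```csharp
// Added example (not from the original page): hardened replacement for the
// BinaryFormatter pattern. OrderedItem, Register and LoadOrder are assumed names.
using System;
using System.IO;
using System.Text.Json;

public sealed class OrderedItem
{
    public string Name { get; set; } = "";
    public int Quantity { get; set; }

    public void Register()
    {
        Console.WriteLine($"Registered {Quantity} x {Name}");
    }
}

public static class OrderLoader
{
    // The target type is fixed here by the caller. System.Text.Json never reads a
    // type name from the payload, so a malicious file cannot make the runtime
    // instantiate anything other than OrderedItem and its declared property types.
    private static readonly JsonSerializerOptions Options = new JsonSerializerOptions
    {
        PropertyNameCaseInsensitive = true,
        MaxDepth = 16, // bound nesting so a hostile file cannot exhaust the parser
    };

    public static OrderedItem LoadOrder(string userInputFilePath)
    {
        // Cap the input size before parsing a single byte of untrusted data.
        var info = new FileInfo(userInputFilePath);
        if (info.Length > 64 * 1024)
            throw new InvalidDataException("order file too large");

        using FileStream fs = File.OpenRead(userInputFilePath);
        OrderedItem item = JsonSerializer.Deserialize<OrderedItem>(fs, Options);

        // Deserialization only rebuilt plain data; business rules are checked
        // explicitly before any method on the object is invoked.
        if (item == null || string.IsNullOrWhiteSpace(item.Name) || item.Quantity <= 0)
            throw new InvalidDataException("order file failed validation");
        return item;
    }

    public static void Main(string[] args)
    {
        // Constructed sample input: in the vulnerable version this file is the attack surface.
        string path = Path.Combine(Path.GetTempPath(), "order.json");
        File.WriteAllText(path, "{\"name\":\"widget\",\"quantity\":3}");
        LoadOrder(path).Register();
    }
}
```

Switching formats is the fix Microsoft itself recommends: BinaryFormatter is marked obsolete (SYSLIB0011) from .NET 5 onwards and is disabled by default in recent runtimes, and Microsoft's guidance is that it cannot be made safe for untrusted input, so restricting types with a SerializationBinder should be treated as a stop-gap rather than a mitigation. If the data genuinely needs polymorphism, express it through an explicit, application-controlled discriminator rather than letting the payload name .NET types.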