@page "/psa/binaryformatter"
This application is using an insecure method to read and write data, and needs to be updated immediately.
If you are seeing this message, it means you loaded a payload that I crafted to exploit this vulnerability. Be fortunate, because I could have done much worse including stealing your data or installing malware on your computer.
If you're seeing this because you loaded my data from a game, this means it's possible for an attacker to craft a save file that can, for example, steal your Steam credentials and send them to a remote server. Just because you loaded - what seemed to be - a save file!
Do not load any more data into this application until the developer has addressed this issue.
BinaryFormatter
is a .NET class that is used to serialize and deserialize data such as game saves
or configuration files. However, it was discovered that this class is vulnerable to remote code execution when
deserializing untrusted data.
Please update your application to use a different serialization method.
For more information, please read the official security notice from Microsoft.