Serialization is a fundamental feature of many common application frameworks because of the flexibility it offers a developer. Serializing object state is commonly used both for persistent storage of information and for ephemeral data transport, such as remote object services.
The .NET Framework provides many techniques for serializing the state of objects, but by far the most powerful is the Binary Formatter (the BinaryFormatter class), a set of functionality built into the framework since v1.0. The power provided by this serialization mechanism, the length of time it has been present and the fact that it is tied so closely into the .NET runtime make it an interesting target for vulnerability analysis.
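The following C# program is an added example, not code from this paper, showing the mechanism described above on the .NET Framework: BinaryFormatter writes the type name and field values of an object into a byte stream and reconstructs the object from that stream. Because the stream itself names the type to instantiate, it also shows the check a developer wants when the stream arrives from an untrusted source, a SerializationBinder that only admits the types the application expects. The SessionState, OtherRecord and AllowListBinder types are assumed for illustration. BinaryFormatter is disabled by default on .NET 5 and later, so the example targets the .NET Framework.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;

// Hypothetical application type used for the demonstration.
[Serializable]
public class SessionState
{
    public string User;
    public int Level;
}

// A second hypothetical serializable type, used to show a stream that
// names a type the application does not expect.
[Serializable]
public class OtherRecord
{
    public string Payload;
}

// Binder that only allows the type this application expects. The formatter
// consults it for every type named in the stream before instantiating it.
public sealed class AllowListBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        if (typeName == typeof(SessionState).FullName)
            return typeof(SessionState);
        throw new SerializationException("Type not allowed in stream: " + typeName);
    }
}

public static class Program
{
    // Serialize any object with a fresh BinaryFormatter and return the bytes.
    static byte[] ToBytes(object obj)
    {
        using (var ms = new MemoryStream())
        {
            new BinaryFormatter().Serialize(ms, obj);
            return ms.ToArray();
        }
    }

    public static void Main()
    {
        var state = new SessionState { User = "alice", Level = 3 };
        byte[] trusted = ToBytes(state);

        // The stream carries the class name as a plain string alongside the
        // field values, so the sender decides which type gets instantiated.
        string dump = Encoding.ASCII.GetString(trusted);
        Console.WriteLine("Stream names SessionState: " +
            dump.Contains(typeof(SessionState).FullName));

        // Round trip without a binder: the formatter trusts whatever type
        // name the stream carries. Acceptable only for data we produced.
        using (var ms = new MemoryStream(trusted))
        {
            var back = (SessionState)new BinaryFormatter().Deserialize(ms);
            Console.WriteLine("Unrestricted: " + back.User + " / " + back.Level);
        }

        // Round trip with the allow-list binder: same data, same result.
        var restricted = new BinaryFormatter { Binder = new AllowListBinder() };
        using (var ms = new MemoryStream(trusted))
        {
            var back = (SessionState)restricted.Deserialize(ms);
            Console.WriteLine("Restricted:   " + back.User + " / " + back.Level);
        }

        // A stream naming a different type is well formed and would be
        // accepted by an unrestricted formatter, but the binder rejects it
        // before any OtherRecord instance is created.
        byte[] unexpected = ToBytes(new OtherRecord { Payload = "untrusted" });
        using (var ms = new MemoryStream(unexpected))
        {
            try
            {
                restricted.Deserialize(ms);
                Console.WriteLine("Unexpected type accepted (should not happen)");
            }
            catch (SerializationException ex)
            {
                Console.WriteLine("Rejected by binder: " + ex.Message);
            }
        }
    }
}
```

The binder limits which types the formatter will construct from a given stream; it does not make BinaryFormatter safe for arbitrary input in general, since the allowed types' own deserialization logic still runs on attacker-supplied field values.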
This whitepaper describes some of the findings of an analysis of the properties of the .NET binary serialization process, which led to the discovery of some fundamental vulnerabilities allowing remote code execution, privilege escalation and information disclosure attacks against not just sandboxed .NET code (such as in the browser) but also remote network services that use common framework libraries. It should be of interest both to security researchers, as it demonstrates some interesting attack techniques that could apply to other serialization technologies, and to .NET developers, to help them avoid common mistakes with binary serialization.