I have recently published a blog post on NCC Group’s website about the deserialization issue that arises from abusing ASP.NET resource files (.resx and .resources extensions). A number of products were exploited, and some file uploaders can also be vulnerable to this type of attack.
The full article can be viewed on NCC Group’s website: https://web.archive.org/web/20180701000000*/https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
In addition to this, the advisories can be seen via:
Code Execution by Unsafe Resource Handling in Multiple Microsoft Products: https://research.nccgroup.com/2018/02/08/technical-advisory-code-execution-by-unsafe-resource-handling-in-multiple-microsoft-products/
Code Execution by Viewing Resource Files in .NET Reflector: https://research.nccgroup.com/2018/02/08/technical-advisory-code-execution-by-viewing-resource-files-in-net-reflector/
I also reported the same vulnerability in Telerik JustDecompile and JetBrains dotPeek:
Relevant tweets about this: