“ The flow state of the page and prise that must be retained during postback are serialize into base64 - encode drawing string when the HTML markup for the Page is make . “ A remote , unauthenticated assailant may be able to put to death arbitrary computer code with the privilege of the World Wide Web server by ship a specially - craft postulation to a server that US Checkbox Survey 6.x or early , ” allot to the consultive . The Checkbox Survey code wield the datum , but it push aside the ASP.NET ViewState Message Authentication Code ( MAC ) localize on the server , which is a defect that an attacker might employment to build arbitrary datum that could conduce to write in code murder when deserialized . The snappy point that the exposure has been put-upon in set on , notwithstanding it does n’t hold up into item regard the dishonor . Checkbox Survey is an ASP.NET - free-base online appraise putz that appropriate job build professional person sight that can be get at from either background electronic computer or peregrine twist . Checkbox has likewise cast a arrest to the development of Checkbox Survey reading 6 . The CVE-2021 - 27852 problem in Checkbox Survey is relate to dangerous deserialization of position State Department data point , which is a method apply by the ASP.NET Page framework to keep foliate and assure holding . This information is afterward salt away in the purview tell enshroud plain or sphere , concord to Microsoft . user are urge to upgrade to Checkbox Survey interlingual rendition 7.0 or tardy , as this variation does not use survey res publica data and is hence no more longer susceptible . prior to reading 7.0 , Checkbox Survey employ a _ VSTATE argument that was deserialized utilise LosFormatter to apply its possess catch posit capableness .