본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2018-5202 | SignKorea SKCertService Remote Code Execution2018.12.21
□ Overview
o SignKorea release security updates to address a remote code execution vulnerability in SKCertService.
Vulnerability
Vulnerability type Impact Severity CVE ID
Remote code execution code execution High CVE-2018-5202

□ Description
o SKCertService contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.

□ Affected Products
Affected Products
Product Version
SKCertService 2.3.0 ~ 2.5.5

□ Solution
o Update software over SKCertService 2.5.8 version

□ Reference site
o http://www.signkorea.com/modules/InstallCheck.jsp