□ Overview
o SignKorea release security updates to address a remote code execution vulnerability in SKCertService.
Vulnerability
| Vulnerability type |
Impact |
Severity |
CVE ID |
| Remote code execution |
code execution |
High |
CVE-2018-5202 |
□ Description
o SKCertService contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.
□ Affected Products
Affected Products
| Product |
Version |
| SKCertService |
2.3.0 ~ 2.5.5 |
□ Solution
o Update software over SKCertService 2.5.8 version
□ Reference site
o http://www.signkorea.com/modules/InstallCheck.jsp
|
