exploitDog

CVE-2018-5202

Опубликовано: 21 дек. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.

Ссылки

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119
Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:signkorea:skcertservice:*:*:*:*:*:*:*:*

Версия до 2.5.5 (включая)

EPSS

Процентиль: 69%

0.006

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jwp4-rhw6-7g6m

CVSS3: 7.8

github

больше 3 лет назад

SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.

EPSS

Процентиль: 69%

0.006

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo