SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2018-12-21T16:00:00Z

Updated: 2024-09-16T20:36:19.536Z

Reserved: 2018-01-03T00:00:00

Link: CVE-2018-5202

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-21T16:29:00.287

Modified: 2024-11-21T04:08:19.513

Link: CVE-2018-5202

cve-icon Redhat

No data.