Arbitrary Code Execution Vulnerability in SKCertService 2.5.5 and Earlier

Arbitrary Code Execution Vulnerability in SKCertService 2.5.5 and Earlier

CVE-2018-5202 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.

Learn more about our User Device Pen Test.