QwikSec

Security Database

CVE

CWE

Training

CVE-2017-11158

Published: Aug 31, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Vendor	Product	Versions
Synology	Cloud Station Drive	affected `before 4.2.5-4396`

Weaknesses (CWE)

References

https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.