Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published: 2017-08-31T13:00:00Z

Updated: 2024-09-17T02:27:34.692Z

Reserved: 2017-07-10T00:00:00

Link: CVE-2017-11158

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-31T13:29:00.200

Modified: 2024-11-21T03:07:13.643

Link: CVE-2017-11158

cve-icon Redhat

No data.