CVE-2017-11158

Summary

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Affected Software

VendorProductVersion RangeStatus
SynologyCloud Station Drivebefore 4.2.5-4396affected

Weaknesses

  • CWE-427: Uncontrolled Search Path Element (CWE-427)

ADP Enrichment

CVE Program Container

Additional References

References