A vulnerability was found in Directory Cloud Station up to 4.2. (Cloud Software). It has been rated as critical. This issue affects an unknown part in the library shfolder.dll of the component Trojan Horse. The manipulation as part of a Search Path leads to a untrusted search path vulnerability. Using CWE to declare the problem leads to CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Multiple untrusted search path vulnerabilities in installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

The bug was discovered 08/30/2017. The weakness was presented 08/30/2017 (Website). It is possible to read the advisory at synology.com. The identification of this vulnerability is CVE-2017-11157 since 07/10/2017. The exploitation is known to be easy. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1574 according to MITRE ATT&CK.

Upgrading to version 4.2.5-4396 eliminates this vulnerability.

Productinfo

Type

• Cloud Software

Vendor

• Directory

Name

• Cloud Station

Version

• 4.2.

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion