CVE-2017-11158 in Synology Cloud Station Driveinfo

Summary

Multiple untrusted search path vulnerabilities in installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/10/2017

Disclosure

08/31/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
106015Synology Cloud Station Drive shfolder.dll untrusted search path426Not definedOfficial fixCVE-2017-11158

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!