Synology-SA-17:44 Synology Assistant
Publish Time: 2017-08-16 00:00:00 UTC+8
Last Updated: 2017-08-16 17:38:00 UTC+8
CVE-2017-11160 allows local users to execute arbitrary code when installing a vulnerable version of Synology Assistant on a client Windows system.
- Impact: Moderate
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Synology Assistant before 6.1-15163
Multiple untrusted search path vulnerabilities in the installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
To fix the security issue, please update Synology Assistant to 6.1-15163 or above.
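
A defensive pre-install check based on the description above, as an added example that is not Synology's code: it compares an installer version string against the fixed release and lists any of the four named DLLs sitting in the folder the installer would be run from. The sample version `6.1-15030`, the installer file name and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# DLL names listed in the advisory for CVE-2017-11160.
HIJACKABLE_DLLS = {"shfolder.dll", "ntmarta.dll", "secur32.dll", "dwmapi.dll"}
FIXED_VERSION = (6, 1, 15163)  # first fixed release per the advisory


def parse_version(text):
    """Parse a 'major.minor-build' string such as '6.1-15163' into a tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)-(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_text):
    """True when the version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def find_planted_dlls(directory):
    """Return advisory-listed DLL names found beside an installer.

    Windows file names are case-insensitive, so compare in lower case.
    Only the directory itself is checked, not subdirectories, because the
    advisory describes loading from the current working directory.
    A hit means "review before running the installer here", not proof of
    tampering.
    """
    return sorted(
        p.name for p in Path(directory).iterdir()
        if p.is_file() and p.name.lower() in HIJACKABLE_DLLS
    )


if __name__ == "__main__":
    # Constructed sample: a download folder with an installer and a stray DLL.
    with tempfile.TemporaryDirectory() as d:
        for name in ("synology-assistant-setup.exe", "DWMAPI.dll", "readme.txt"):
            (Path(d) / name).write_bytes(b"")
        print("6.1-15030 vulnerable:", is_vulnerable("6.1-15030"))
        print("files to review:", find_planted_dlls(d))
```

Running the installer from a freshly created, otherwise empty directory avoids the condition the check looks for.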