Synology-SA-17:45 Photo Station Uploader
Publish Time: 2017-08-23 18:12:23 UTC+8
Last Updated: 2017-08-23 18:12:23 UTC+8
CVE-2017-11159 allows local users to execute arbitrary codes during the installation of Photo Station Uploader on Windows via a vulnerable version.
- Impact: Moderate
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Photo Station Uploader before 1.4.2-084
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
To fix the security issue, please update Photo Station Uploader to 1.4.2-084 or above.