Synology-SA-17:51 Cloud Station Drive
Publish Time: 2017-08-30 18:50:14 UTC+8
Last Updated: 2017-08-30 18:50:14 UTC+8
CVE-2017-11158 allows local users to execute arbitrary codes during the installation of Cloud Station Drive on Windows via a vulnerable version.
- Impact: Moderate
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Cloud Station Drive before 4.2.5-4396
Multiple untrusted search path vulnerabilities in installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
To fix the security issue, please update Cloud Station Drive to 4.2.5-4396 or above.