Synology-SA-17:44 Synology Assistant
Publish Time: 2017-08-16 00:00:00 UTC+8
Last Updated: 2017-08-16 17:38:00 UTC+8
- Severity: Moderate
- Status: Resolved
Abstract
CVE-2017-11160 allows local users to execute arbitrary code when installing a vulnerable version of Synology Assistant on a Windows client system.
Severity
- Impact: Moderate
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected
- Products: Synology Assistant before 6.1-15163
Description
Multiple untrusted search path vulnerabilities in the installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
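A pre-install check for the condition described above, added here as an example and not part of Synology's advisory or tooling: it looks in the directory an installer will be launched from for the four DLL names listed and reports a SHA-256 for each match for triage. The function names and the sample files in `demo()` are constructed for illustration.

```python
"""Pre-install check for the DLL names listed in Synology-SA-17:44."""
import hashlib
import sys
import tempfile
from pathlib import Path

# DLL names copied from the advisory's Description section.
ADVISORY_DLLS = {"shfolder.dll", "ntmarta.dll", "secur32.dll", "dwmapi.dll"}


def find_planted_dlls(directory):
    """Return (path, sha256) for each file whose name matches an advisory DLL.

    Names are compared in lower case because Windows file names are
    case-insensitive. Only the directory itself is inspected, since the
    advisory concerns the installer's current working directory.
    """
    hits = []
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() in ADVISORY_DLLS:
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            hits.append((entry, digest))
    return sorted(hits, key=lambda hit: hit[0].name.lower())


def safe_to_run_installer(directory):
    """True when none of the advisory DLL names is present in `directory`."""
    return not find_planted_dlls(directory)


def demo():
    """Run the check on a constructed directory and return matching names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files: a stand-in installer, one advisory DLL
        # name in mixed case, and an unrelated DLL.
        for name in ("installer-placeholder.exe", "DWMAPI.dll", "unrelated.dll"):
            (root / name).write_bytes(b"")
        return [path.name for path, _ in find_planted_dlls(root)]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_planted_dlls(target)
    for path, digest in found:
        print(f"WARNING: {path} (sha256 {digest}) matches a DLL name "
              "from Synology-SA-17:44")
    sys.exit(1 if found else 0)
```

Run it with the installer's directory as the only argument; a non-zero exit status means at least one of the listed DLL names is present there.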
Mitigation
None
Update Availability
To fix the security issue, please update Synology Assistant to 6.1-15163 or above.