Synology-SA-17:45 Photo Station Uploader
Publish Time: 2017-08-23 18:12:23 UTC+8
Last Updated: 2017-08-23 18:12:23 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
CVE-2017-11159 allows local users to execute arbitrary codes during the installation of Photo Station Uploader on Windows via a vulnerable version.
Severity
- Impact: Moderate
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected
- Products
- Photo Station Uploader before 1.4.2-084
Description
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
Mitigation
None
Update Availability
To fix the security issue, please update Photo Station Uploader to 1.4.2-084 or above.