Vulnerability Details CVE-2017-11157
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
Products affected by CVE-2017-11157
- cpe:2.3:a:synology:cloud_station_backup:4.0-4203
- cpe:2.3:a:synology:cloud_station_backup:4.0-4204
- cpe:2.3:a:synology:cloud_station_backup:4.0-4207
- cpe:2.3:a:synology:cloud_station_backup:4.1-4222
- cpe:2.3:a:synology:cloud_station_backup:4.1-4224
- cpe:2.3:a:synology:cloud_station_backup:4.2.0-4339
- cpe:2.3:a:synology:cloud_station_backup:4.2.1-4374
- cpe:2.3:a:synology:cloud_station_backup:4.2.2-4379
- cpe:2.3:a:synology:cloud_station_backup:4.2.3-4385
- cpe:2.3:a:synology:cloud_station_backup:4.2.4-4393
- cpe:2.3:o:microsoft:windows:-