Vulnerability Details CVE-2017-11158
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2017-11158
-
cpe:2.3:a:synology:cloud_station_drive:1.0-2197
-
cpe:2.3:a:synology:cloud_station_drive:1.0-2218
-
cpe:2.3:a:synology:cloud_station_drive:1.1-2249
-
cpe:2.3:a:synology:cloud_station_drive:1.1-2251
-
cpe:2.3:a:synology:cloud_station_drive:1.1-2288
-
cpe:2.3:a:synology:cloud_station_drive:1.1-2289
-
cpe:2.3:a:synology:cloud_station_drive:1.1-2291
-
cpe:2.3:a:synology:cloud_station_drive:2.0-2391
-
cpe:2.3:a:synology:cloud_station_drive:2.0-2402
-
cpe:2.3:a:synology:cloud_station_drive:2.1-2561
-
cpe:2.3:a:synology:cloud_station_drive:2.1-2570
-
cpe:2.3:a:synology:cloud_station_drive:2.1-2577
-
cpe:2.3:a:synology:cloud_station_drive:3.0-3005
-
cpe:2.3:a:synology:cloud_station_drive:3.0-3103
-
cpe:2.3:a:synology:cloud_station_drive:3.0-3108
-
cpe:2.3:a:synology:cloud_station_drive:3.0-3109
-
cpe:2.3:a:synology:cloud_station_drive:3.0-3111
-
cpe:2.3:a:synology:cloud_station_drive:3.1-3317
-
cpe:2.3:a:synology:cloud_station_drive:3.1-3320
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3475
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3479
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3482
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3484
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3487
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3497
-
cpe:2.3:a:synology:cloud_station_drive:3.2-3501
-
cpe:2.3:a:synology:cloud_station_drive:4.0-4203
-
cpe:2.3:a:synology:cloud_station_drive:4.0-4204
-
cpe:2.3:a:synology:cloud_station_drive:4.0-4207
-
cpe:2.3:a:synology:cloud_station_drive:4.1-4222
-
cpe:2.3:a:synology:cloud_station_drive:4.1-4224
-
cpe:2.3:a:synology:cloud_station_drive:4.2.0-4339
-
cpe:2.3:a:synology:cloud_station_drive:4.2.1-4374
-
cpe:2.3:a:synology:cloud_station_drive:4.2.2-4379
-
cpe:2.3:a:synology:cloud_station_drive:4.2.3-4385
-
cpe:2.3:a:synology:cloud_station_drive:4.2.4-4393
-
cpe:2.3:o:microsoft:windows:-