Vulnerability Details CVE-2017-11160
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2017-11160
-
cpe:2.3:a:synology:assistant:2.2-1062
-
cpe:2.3:a:synology:assistant:2.2-1063
-
cpe:2.3:a:synology:assistant:2.3-1134
-
cpe:2.3:a:synology:assistant:2.3-1153
-
cpe:2.3:a:synology:assistant:2.3-1157
-
cpe:2.3:a:synology:assistant:3.0-1334
-
cpe:2.3:a:synology:assistant:3.0-1347
-
cpe:2.3:a:synology:assistant:3.1-1593
-
cpe:2.3:a:synology:assistant:3.2-1920
-
cpe:2.3:a:synology:assistant:4.0-2196
-
cpe:2.3:a:synology:assistant:4.0-2216
-
cpe:2.3:a:synology:assistant:4.1-2636
-
cpe:2.3:a:synology:assistant:4.1-2638
-
cpe:2.3:a:synology:assistant:4.1-2647
-
cpe:2.3:a:synology:assistant:4.2-3179
-
cpe:2.3:a:synology:assistant:4.2-3508
-
cpe:2.3:a:synology:assistant:4.3-4206
-
cpe:2.3:a:synology:assistant:4.3-4359
-
cpe:2.3:a:synology:assistant:5.0-4418
-
cpe:2.3:a:synology:assistant:5.0-4448
-
cpe:2.3:a:synology:assistant:5.1-5002
-
cpe:2.3:a:synology:assistant:5.1-5005
-
cpe:2.3:a:synology:assistant:5.2-5566
-
cpe:2.3:a:synology:assistant:6.0-7319
-
cpe:2.3:a:synology:assistant:6.1-15030