Untrusted Search Path Vulnerabilities in Synology Photo Station Uploader for Windows
CVE-2017-11159

7.8HIGH

Key Information:

Vendor: Synology
Status: Photo Station Uploader
Vendor: CVE Published:; 23 August 2017

What is CVE-2017-11159?

The Synology Photo Station Uploader for Windows is susceptible to multiple untrusted search path vulnerabilities that allow local attackers to inject malicious dynamic-link libraries (DLLs). An attacker can exploit this flaw to execute arbitrary code by placing a Trojan horse DLL, such as shfolder.dll, ntmarta.dll, secur32.dll, or dwmapi.dll, in the current working directory. This exposes users to various security risks, including unauthorized control over their systems.

Affected Version(s)

Photo Station Uploader before 1.4.2-084

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2017
Vulnerability Reserved
Jul 10, 2017