Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Cloud Station Drive by Synology

    VAR-201708-1063

    Vulnerability from variot - Updated: 2025-04-20 23:35

    Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. Synology Cloud Station Drive Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Cloud Station Drive for Windows is a Windows-based computer synchronization tool from Synology. installer is one of the installers. (Malicious files include: (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll, or (4) dwmapi.dll)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1063",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cloud station drive",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "synology",
            "version": "4.2.4-4393"
          },
          {
            "model": "cloud station drive",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "synology",
            "version": "4.2.5-4396"
          },
          {
            "model": "cloud station drive",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "synology",
            "version": "4.2.4-4393"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:synology:cloud_station_drive",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          }
        ]
      },
      "cve": "CVE-2017-11158",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-11158",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-101552",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-11158",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11158",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11158",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-375",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101552",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. Synology Cloud Station Drive Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Cloud Station Drive for Windows is a Windows-based computer synchronization tool from Synology. installer is one of the installers. (Malicious files include: (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll, or (4) dwmapi.dll)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-11158",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-101552",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "id": "VAR-201708-1063",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:35:47.358000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Synology-SA-17:51 Cloud Station Drive",
            "trust": 0.8,
            "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
          },
          {
            "title": "Synology Cloud Station Drive for Windows Fixes for installer vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99907"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-426",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-427",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.synology.com/en-global/support/security/synology_sa_17_51_cloud_station_drive"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11158"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11158"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "date": "2017-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "date": "2017-08-31T13:29:00.200000",
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101552"
          },
          {
            "date": "2017-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11158"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Synology Cloud Station Drive Vulnerabilities related to untrusted search paths",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007566"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-375"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-11158 (GCVE-0-2017-11158)

    Vulnerability from nvd – Published: 2017-08-31 13:00 – Updated: 2024-09-17 02:27
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology Cloud Station Drive Affected: before 4.2.5-4396
    Create a notification for this product.
    Date Public
    2017-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:58.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Station Drive",
              "vendor": "Synology",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 4.2.5-4396"
                }
              ]
            }
          ],
          "datePublic": "2017-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2017-08-30T00:00:00",
              "ID": "CVE-2017-11158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Station Drive",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 4.2.5-4396"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2017-11158",
        "datePublished": "2017-08-31T13:00:00.000Z",
        "dateReserved": "2017-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:27:34.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11158 (GCVE-0-2017-11158)

    Vulnerability from cvelistv5 – Published: 2017-08-31 13:00 – Updated: 2024-09-17 02:27
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Synology Cloud Station Drive Affected: before 4.2.5-4396
    Create a notification for this product.
    Date Public
    2017-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:58.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Station Drive",
              "vendor": "Synology",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 4.2.5-4396"
                }
              ]
            }
          ],
          "datePublic": "2017-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
            "shortName": "synology"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@synology.com",
              "DATE_PUBLIC": "2017-08-30T00:00:00",
              "ID": "CVE-2017-11158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Station Drive",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 4.2.5-4396"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Synology"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "assignerShortName": "synology",
        "cveId": "CVE-2017-11158",
        "datePublished": "2017-08-31T13:00:00.000Z",
        "dateReserved": "2017-07-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:27:34.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }