CVE-2017-11159

Published: Aug 23, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Affected (1)

Products: Synology: Photo Station Uploader

1 product

Photo Station Uploader

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Photo Station Uploader	Up to 1.4.1-083

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.synology.com/en-global/support/security/Synology_SA_17_45_Photo_Station_Uploader

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/support/security/Synology_SA_17_45_Photo_Station_Uploader

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.