CVE-2017-11158 : Security Advisory and Response

Synology Cloud Station Drive before version 4.2.5-4396 on Windows is vulnerable to untrusted search path issues that can lead to arbitrary code execution and DLL hijacking attacks.

Understanding CVE-2017-11158

This CVE involves vulnerabilities in the installer of Synology Cloud Station Drive that can be exploited by local attackers.

What is CVE-2017-11158?

The installer in Synology Cloud Station Drive on Windows versions prior to 4.2.5-4396 contains vulnerabilities related to untrusted search paths. Attackers can execute arbitrary code and conduct DLL hijacking attacks by using specific Trojan horse files.

The Impact of CVE-2017-11158

These vulnerabilities allow local attackers to execute arbitrary code and carry out DLL hijacking attacks, potentially leading to unauthorized access and system compromise.

Technical Details of CVE-2017-11158

Synology Cloud Station Drive is affected by the following:

Vulnerability Description

Multiple untrusted search path vulnerabilities in the installer allow local attackers to execute arbitrary code and conduct DLL hijacking attacks.

Affected Systems and Versions

Product: Cloud Station Drive
Vendor: Synology
Versions Affected: Before 4.2.5-4396

Exploitation Mechanism

Attackers can exploit the vulnerabilities by placing specific Trojan horse files in the current working directory.

Mitigation and Prevention

To address CVE-2017-11158, consider the following steps:

Immediate Steps to Take

Update Synology Cloud Station Drive to version 4.2.5-4396 or later.
Avoid running the application from directories where untrusted files may exist.

Long-Term Security Practices

Regularly update software and apply security patches.
Implement proper file and directory permissions to prevent unauthorized access.

Patching and Updates

Stay informed about security advisories from Synology and apply patches promptly.