CVE-2017-11160 : What You Need to Know

Learn about CVE-2017-11160 affecting Synology Assistant installer on Windows. Discover the impact, affected versions, exploitation, and mitigation steps.

Synology Assistant installer prior to version 6.1-15163 on Windows is vulnerable to untrusted search path attacks, allowing local attackers to execute arbitrary code and conduct DLL hijacking attacks.

Understanding CVE-2017-11160

What is CVE-2017-11160?

Multiple untrusted search path vulnerabilities in the Synology Assistant installer on Windows enable local attackers to execute arbitrary code by using malicious versions of specific files.

The Impact of CVE-2017-11160

The vulnerabilities in the Synology Assistant installer can be exploited by local attackers to execute arbitrary code and launch DLL hijacking attacks.

Technical Details of CVE-2017-11160

Vulnerability Description

The installer in Synology Assistant versions prior to 6.1-15163 on Windows is exposed to untrusted search path attacks, allowing arbitrary code execution and DLL hijacking.

Affected Systems and Versions

        Product: Synology Assistant
        Vendor: Synology
        Versions affected: Prior to 6.1-15163

Exploitation Mechanism

Local attackers can exploit the vulnerabilities by using a malicious shfolder.dll, ntmarta.dll, secur32.dll, or dwmapi.dll file in the current working directory.

Mitigation and Prevention

Immediate Steps to Take

        Update Synology Assistant to version 6.1-15163 or later.
        Avoid running the installer from untrusted locations.
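
A pre-launch check for the second step, as an added example that is not from Synology or the original page: it scans the folder an installer will be started from for the four DLL names listed under Exploitation Mechanism. The function names and sample files are constructed for illustration, and treating the installer's folder as the directory to check is an assumption.

```python
import hashlib
import os
import tempfile

# DLL names listed in the advisory's "Exploitation Mechanism" section.
ADVISORY_DLLS = {"shfolder.dll", "ntmarta.dll", "secur32.dll", "dwmapi.dll"}


def find_planted_dlls(directory):
    """Return one record per file in `directory` whose name matches an
    advisory DLL name. Matching is case-insensitive, as on Windows."""
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.name.lower() not in ADVISORY_DLLS or not entry.is_file():
                continue
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            findings.append({
                "name": entry.name,
                "size": entry.stat().st_size,
                "sha256": digest,  # recorded for triage
            })
    return sorted(findings, key=lambda f: f["name"].lower())


def safe_to_launch(directory):
    """True when none of the advisory DLL names sit beside the installer."""
    return not find_planted_dlls(directory)


def demo():
    """Constructed sample: a download folder holding a stray Secur32.DLL."""
    with tempfile.TemporaryDirectory() as folder:
        samples = {
            "installer-sample.exe": b"MZ constructed",
            "Secur32.DLL": b"constructed placeholder",
            "readme.txt": b"constructed",
        }
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return find_planted_dlls(folder), safe_to_launch(folder)


if __name__ == "__main__":
    found, ok = demo()
    for item in found:
        print(f"{item['name']}  {item['size']} bytes  sha256={item['sha256']}")
    print("safe to launch:", ok)
```

A non-empty result means the folder should not be used to launch the installer.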

Long-Term Security Practices

        Regularly update software and firmware to the latest versions.
        Implement proper file and directory permissions to prevent unauthorized access.

Patching and Updates

        Stay informed about security updates from Synology and apply patches promptly.
