Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
CVSS Information
N/A
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Synology Cloud Station Drive for Windows 安装程序漏洞
Vulnerability Description
Synology Cloud Station Drive for Windows是群晖(Synology)公司的一款基于Windows的电脑同步工具。installer是其中的一个安装程序。 基于Windows平台的Synology Cloud Station Drive 4.2.5-4396之前的版本中的安装程序存在不可信的搜索路径漏洞。本地攻击者可借助当前工作目录下恶意的文件利用该漏洞执行任意代码或实施DLL劫持攻击。(恶意的文件包括:(1) shfolder.dll、(2) ntmarta.dll、
CVSS Information
N/A
Vulnerability Type
N/A