CVE-2017-11160

Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 6.1-15163

Description The issue allows local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse file in the current working directory, specifically targeting shfolder.dll, ntmarta.dll, secur32.dll, or dwmapi.dll files.

Recommendations For versions prior to 6.1-15163, update to version 6.1-15163 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer in Synology Assistant to minimize the risk of exploitation. Avoid placing untrusted files in the current working directory, especially those with names similar to shfolder.dll, ntmarta.dll, secur32.dll, or dwmapi.dll, until the issue is resolved.