Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
[
{
"product": "Cloud Station Drive",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "before 4.2.5-4396"
}
]
}
]