Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
[
{
"product": "Photo Station Uploader",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "before 1.4.2-084"
}
]
}
]