Search

Security ID : NAS-201712-08

Security Advisory for DLL Hijacking vulnerability in Qsync for Windows (exe)

  • Release date : December 8, 2017

  • CVE identifier : CVE-2017-13070

  • Affected products: Qsync for Windows (exe) version 4.2.2.0724 and earlier

Severity

Moderate

Status

Resolved

Summary

One DLL Hijacking vulnerability was recently found in Qsync for Windows (exe). If exploited, this vulnerability may allow a remote attacker to run arbitrary code on the Windows machine.

We have already patched this issue in Qsync for Windows (exe) versions 4.2.3.0915 and later.

Recommendations

If you are using an affected version of QNAP Qsync for Windows (exe), you must update it to version 4.2.3.0915 or later to resolve this issue.

Updating Qsync for Windows

  1. Log on to Windows.
  2. Right-click on the Windows Taskbar.
    The Qsync window appears.
  3. Click .
  4. Click Check for Updates.
    An update notification message appears.
  5. Click Update.
    The application is updated.

Acknowledgements: Stefan Kanthak (http://eskamation.de)

Revision History: V1.0 (December 8, 2017) - Published

Escolher especificação

      Mostrar mais Menos

      Este site noutros países/regiões:

      open menu
      back to top