Search

安全ID : NAS-201712-08

Security Advisory for DLL Hijacking vulnerability in Qsync for Windows (exe)

  • 发布日期 : December 8, 2017

  • 通用漏洞披露 : CVE-2017-13070

  • 受影响产品: Qsync for Windows (exe) version 4.2.2.0724 and earlier

严重程度

Moderate

状态

已解决

Summary

One DLL Hijacking vulnerability was recently found in Qsync for Windows (exe). If exploited, this vulnerability may allow a remote attacker to run arbitrary code on the Windows machine.

We have already patched this issue in Qsync for Windows (exe) versions 4.2.3.0915 and later.

Recommendations

If you are using an affected version of QNAP Qsync for Windows (exe), you must update it to version 4.2.3.0915 or later to resolve this issue.

Updating Qsync for Windows

  1. Log on to Windows.
  2. Right-click on the Windows Taskbar.
    The Qsync window appears.
  3. Click .
  4. Click Check for Updates.
    An update notification message appears.
  5. Click Update.
    The application is updated.

致谢: Stefan Kanthak (http://eskamation.de)

修订历史: V1.0 (December 8, 2017) - Published

选择规格

      显示更多 隐藏更多
      open menu
      back to top