Presto Client
Monthly
Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available.
Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available.