SunnComm MediaMax contains a privilege elevation vulnerability, which may allow a user with limited rights to execute code with elevated privileges.
SunnComm MediaMax is copy protection software that is automatically installed by some audio CDs. Sony BMG has provided a list of titles that include MediaMax version 5 software. A device driver is Included with the MediaMax software, which prevents the CD from being copied. The user must be a member of the Windows "Administrators" or "Power Users" group for the software to install. Note that the driver and part of the software is installed before the End User License Agreement (EULA) is presented to the user.
This vulnerability may give a user with access to the filesystem the ability to execute arbitrary code with elevated privileges.
Thanks to EFF for reporting this vulnerability, who in turn credit Jesse Burns and Alex Stamos of iSEC Partners.
|Date First Published:||2006-04-12|
|Date Last Updated:||2006-04-12 19:57 UTC|