Alex Stamos

**Name of the Vulnerable Software and Affected Versions** SunnComm MediaMax DRM version 5.0.21.0 **Description** The issue allows local users to gain privileges by modifying programs installed in the "SunnComm Shared" directory, due to insecure permissions. Specifically, the `SunnComm MediaMax DRM` assigns `Everyone/Full Control` permissions to this directory, which can be exploited by modifying installed programs such as `MMX.exe`. **Recommendations** For SunnComm MediaMax DRM version 5.0.21.0, consider restricting access to the "SunnComm Shared" directory to prevent local users from modifying installed programs and gaining privileges. As a temporary workaround, restrict write access to the `MMX.exe` program to minimize the risk of exploitation.