PT-2005-4803 · Sunncomm · Sunncomm Mediamax Drm

Alex Stamos

Published

2005-12-08

Updated

2011-03-07

CVE-2005-4069

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SunnComm MediaMax DRM version 5.0.21.0

Description The issue allows local users to gain privileges by modifying programs installed in the "SunnComm Shared" directory, due to insecure permissions. Specifically, the SunnComm MediaMax DRM assigns Everyone/Full Control permissions to this directory, which can be exploited by modifying installed programs such as MMX.exe.

Recommendations For SunnComm MediaMax DRM version 5.0.21.0, consider restricting access to the "SunnComm Shared" directory to prevent local users from modifying installed programs and gaining privileges. As a temporary workaround, restrict write access to the MMX.exe program to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2005-4069

Affected Products

Sunncomm Mediamax Drm

PT-2005-4803 · Sunncomm · Sunncomm Mediamax Drm

CVE-2005-4069

Weakness Enumeration

Related Identifiers

Affected Products

References · 8