SunnComm MediaMax Vulnerability
December 8, 2005 by TomWhile not as bad as the Sony Rootkit, it has been revealed that the SunnComm MediaMax DRM software has a somewhat major security vulnerability as well that could allow for privilege escalation (or messing with the software’s files as an unprivileged user). The problem stems from the fact that the DRM software, when first run off a protected CD, installs itself with file permissions set in such a way that even the lowest privileged users in Windows (including the Guest account) have “Full Control” over the files. This could allow a regular user (or malicious code running as a regular user) to replace the DRM software with something malicious (such as a virus or backdoor), and then the next time someone with Administrator privileges attempts to play a protected CD, the code would be run, installing the malicious code. Obviously this is more of a concern in corporate or other managed environments, since most consumers run Windows with full Administrator privileges anyway.
SonyBMG has released a patch for this issue, which is available from their website. However, EFF does not suggest using the patch at this time.
To be clear, note that this is NOT the Sony Rootkit (XCP), but is a different type of DRM software used on certain SonyBMG discs.
Secunia Advisory SA17933
EFF’s Statement
The Full Report (pdf)
Yet another example of DRM being harmful for our computers…
-Tom
