What are some details of the MediaMax vulnerability?
MediaMax version 5 leaves a crucial folder “unlocked,” that is to say with an ACL that allows all principals to have all privileges. The reason this is a problem is that the folder contains an executable program (MMX.EXE, the MediaMax program) that must be run by a user account with high privileges. An attacker can overwrite MMX.EXE with code of her choice, and the next time a MediaMax disc is played, her attack code will be executed. Specifically, the directory that the SunnComm MediaMax software creates, located in “c:\Program Files\Common Files\SunnComm Shared\,” overrides the default Access Control List (also known as the file system permissions). The SunnComm Shared directory uses an ACL that doesn’t protect against low rights users (i.e., “Everyone” in Windows parlance) overwriting the contents including the installed binaries. Returning to our example of Bob and Jane, it mean that Bob can now rewrite the spreadsheet, or more worrisome, replace it with a malicious program.
