dBpowerAMP Music Converter allows elevated privileges
| dbpoweramp-music-converter-gain-privilege (20274) |  High Risk |
Description:
dBpowerAMP Music Converter could allow a local attacker to gain elevated privileges. This is caused by a vulnerability regarding weak default directory permissions and the auxiliary.exe insecurely starting the sndvol32.exe utility upon configuring the input source. A local attacker could exploit this vulnerability by placing a malicious sndvol32.exe file within the dBpowerAMP directory to execute arbitrary code on the system with elevated privileges.
Note: In order to exploit this vulnerability, the attacker must configure the input source along with the application that has been installed in a non-default location.
Platforms Affected:
- illustrate, dBpowerAMP Music Converter 11.0
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Privileges
References:
- dBpowerAMP Web site, dBpowerAMP Music Converter (dMC) at http://www.dbpoweramp.com/dmc.htm.
Reported:
Apr 26, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net