MediaMax Bug Found; Patch Issued; Patch Suffers from Same Bug
Ed Felton writes in Freedom to Tinker:
iSEC, EFF, and SonyBMG issued a joint press release yesterday, announcing yet another serious security bug in the SunnComm MediaMax copy protection software that ships on many SonyBMG compact discs. (SonyBMG has recalled CDs that use another copy protection system, XCP, but they have not yet recalled discs containing MediaMax.)Read more here.
As we’ve written before, the first time you insert a MediaMax-bearing CD into your Windows computer (assuming you have Windows autorun enabled, as most people do), MediaMax installs some software on your computer. Once this initial software is on your computer, you are vulnerable to the new attack. The gist of the problem is that MediaMax installs itself in a directory that anyone is allowed to modify, even users who otherwise run with heavily restricted security permissions. Any program that comes along can modify your MediaMax files, booby-trapping the files by inserting hostile software that will be run automatically the next time you insert a MediaMax-bearing CD into your computer. And because MediaMax is run with full administrator privileges, the hostile program gets to run with full privileges, allowing it to inflict any mischief it likes on your PC.
Alex Halderman has discovered that the problem is worse than the press release indicates.