TDM Digital Signage PC Player 4.1 Insecure File Permissions

`  
TDM Digital Signage PC Player 4.1 Insecure File Permissions  
  
  
Vendor: TDM [Trending Digital Marketing]  
Product web page: https://www.tdmsignage.com  
https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y  
Affected version: 4.1.0.4  
  
Summary: With TDM you can do a lot more than just show Digital Signage.  
With our Enterprise-Grade software you open the door to Interactive Signage,  
Analytics, Proof of Play and a lot more.  
  
Desc: TDM Digital Signage Windows Player suffers from an elevation of  
privileges vulnerability which can be used by a simple authenticated  
user that can change the executable file with a binary of choice. The  
vulnerability exist due to the improper permissions, with the 'M' flag  
(Modify) or 'C' flag (Change) for 'Authenticated Users' group.  
  
Tested on: Microsoft Windows 10 Home  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2020-5604  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php  
  
23.09.2020  
  
--  
  
  
C:\>icacls TDMSignage  
TDMSignage BUILTIN\Administrators:(I)(OI)(CI)(F)  
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)  
BUILTIN\Users:(I)(OI)(CI)(RX)  
NT AUTHORITY\Authenticated Users:(I)(M) <---------<<<  
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M) <---------<<<  
  
Successfully processed 1 files; Failed processing 0 files  
  
C:\TDMSignage>dir /b *.exe  
Player.exe  
unins000.exe  
  
C:\TDMSignage>icacls Player.exe && icacls unins000.exe  
Player.exe BUILTIN\Administrators:(I)(F)  
NT AUTHORITY\SYSTEM:(I)(F)  
BUILTIN\Users:(I)(RX)  
NT AUTHORITY\Authenticated Users:(I)(M) <---------<<<  
  
Successfully processed 1 files; Failed processing 0 files  
unins000.exe BUILTIN\Administrators:(I)(F)  
NT AUTHORITY\SYSTEM:(I)(F)  
BUILTIN\Users:(I)(RX)  
NT AUTHORITY\Authenticated Users:(I)(M) <---------<<<  
  
Successfully processed 1 files; Failed processing 0 files  
`