Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TDM Digital Signage PC Player 4.1 Insecure File Permissions

🗓️ 26 Oct 2020 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 139 Views

TDM Digital Signage PC Player 4.1 privilege escalation vulnerability due to insecure file permission

Related
Code
<html><body><p>TDM Digital Signage PC Player 4.1 Insecure File Permissions


Vendor: TDM [Trending Digital Marketing]
Product web page: https://www.tdmsignage.com
                  https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y
Affected version: 4.1.0.4

Summary: With TDM you can do a lot more than just show Digital Signage.
With our Enterprise-Grade software you open the door to Interactive Signage,
Analytics, Proof of Play and a lot more.

Desc: TDM Digital Signage Windows Player suffers from an elevation of
privileges vulnerability which can be used by a simple authenticated
user that can change the executable file with a binary of choice. The
vulnerability exist due to the improper permissions, with the 'M' flag
(Modify) or 'C' flag (Change) for 'Authenticated Users' group.

Tested on: Microsoft Windows 10 Home


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5604
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php

23.09.2020

--


C:\&gt;icacls TDMSignage
TDMSignage BUILTIN\Administrators:(I)(OI)(CI)(F)
           NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
           BUILTIN\Users:(I)(OI)(CI)(RX)
           NT AUTHORITY\Authenticated Users:(I)(M)              &lt;---------&lt;&lt;&lt;
           NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)  &lt;---------&lt;&lt;&lt;

Successfully processed 1 files; Failed processing 0 files

C:\TDMSignage&gt;dir /b *.exe
Player.exe
unins000.exe

C:\TDMSignage&gt;icacls Player.exe &amp;&amp; icacls unins000.exe
Player.exe BUILTIN\Administrators:(I)(F)
           NT AUTHORITY\SYSTEM:(I)(F)
           BUILTIN\Users:(I)(RX)
           NT AUTHORITY\Authenticated Users:(I)(M)              &lt;---------&lt;&lt;&lt;

Successfully processed 1 files; Failed processing 0 files
unins000.exe BUILTIN\Administrators:(I)(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Users:(I)(RX)
             NT AUTHORITY\Authenticated Users:(I)(M)            &lt;---------&lt;&lt;&lt;

Successfully processed 1 files; Failed processing 0 files
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Oct 2020 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 48.5
CVSS 3.18.8
EPSS0.00043
SSVC
tdm digital signagepc player 4.1privilege escalationinsecure file permissionswindows 10vendor statusvulnerability discoveredpublic advisory
139