---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: dBpowerAMP Music Converter Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA15118 VERIFY ADVISORY: http://secunia.com/advisories/15118/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: dBpowerAMP Music Converter 10.x http://secunia.com/product/3975/ dBpowerAMP Music Converter 11.x http://secunia.com/product/4991/ DESCRIPTION: fRoGGz has discovered a vulnerability in dBpowerAMP Music Converter, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a combination of weak default directory permissions and "auxiliary.exe" invoking the "sndvol32.exe" utility insecurely when configuring the input source. This can be exploited to execute arbitrary code with the privileges of another user by placing a malicious "sndvol32.exe" file in the application's "dBpowerAMP" directory. Successful exploitation requires that a user configures the input source and that the application has been installed in a non-default location (not as a subdirectory to the "Program Files" directory). The vulnerability has been confirmed in version 11.0. Other versions may also be affected. SOLUTION: Do not install the application in a non-default location, or copy the "sndvol32.exe" utility to the "dBpowerAMP" directory. PROVIDED AND/OR DISCOVERED BY: fRoGGz, SecuBox Labs ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------