|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
dBpowerAMP contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused due to weak default directory permissions and is triggered when "auxiliary.exe" invokes the "sndvol32.exe" utility when configuring the input source, allowing a local attacker to execute arbitrary code on the system with elevated privileges and leading to a loss of integrity. In order to exploit this vulnerability, the application must have been installed in a non-default location.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
As a workaround, ensure the dBpowerAMP Music Converter is not installed in a non-default location or copy the sndvol32.exe utility to the dBpowerAMP directory.
|
|
Products |
|
dbPowerAmp Music Converter
 |
11.0 |
|
|
|
|
|
Credit |
- fRoGGz - unsecure
 writeme.com -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
