OSVDB ID: 20435

Title: Sony CD First4Internet XCP DRM aries.sys Local File/Process Manipulation

Dates

Disclosure: Oct 31, 2005
Discovery: Unknown
Exploit: Oct 31, 2005
Solution: Unknown

Description

The First4Internet XCP DRM software used to play back Sony copy-protected music CDs contains a flaw that may allow a malicious user to arbitrarily manipulate local files and processes. The problem is that the 'aries.sys' driver hides any files, registry keys and/or processes with a name that starts with '$sys$', which may allow a malicious user to hide certain activities on a system that uses XCP, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, First 4 Internet has released a patch to address this vulnerability. It is reported that this patch still does not allow a user to uninstall the First4Internet software though.

Products

First 4 Internet Ltd.

XCP AURORA

Unknown or Unspecified

References

Credit

  • Mark Russinovich - SysInternals


Direct URL: http://osvdb.org/36218