Media

 # Exploit Title: Zortam Mp3 Media Studio 21.15 Insecure File Permissions Privilege Escalation
# Date: 23/09/2016
# Exploit Author: Tulpa
# Contact: [email protected]
# Author website: www.tulpa-security.com
# Vendor Homepage: http://www.zortam.com/
# Software Link: http://www.zortam.com/download.html
# Version: Software Version 21.15
# Tested on: Windows 10 Professional x64, Windows XP SP3 x86, Windows Server 2008 R2 x64
# Shout-out to carbonated and ozzie_offsec

1. Description:

Zortam Mp3 Media Studio installs by default to "C:\Program Files (x86)\Zortam Mp3 Media Studio\zmmspro.exe" with very weak file permissions granting any user full permission to the exe. This allows opportunity for code execution against any other user running the application.

2. Proof

C:\Program Files\Zortam Mp3 Media Studio>cacls zmmspro.exe
C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe BUILTIN\Users:F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Users:(ID)R

3. Exploit:

Simply replace zmmspro.exe and wait for execution.


Exploit Files ≈ Packet Storm

Saudi cyber experts held urgent talks on Tuesday after government facilities were hacked, official media reported.

The cyber attacks "in recent weeks targeted government institutions and vital installations in the kingdom," the Saudi Press Agency reported, without identifying the targeted agencies.

It said the kingdom's Cybersecurity Centre "held an urgent workshop with a number of parties" to discuss the results of its investigations.

The attacks originated abroad and subjected users' accounts to viruses which spy on information, it said.

Experts outlined how the attacks occurred and presented "necessary procedures to fix and to protect those sites", Saudi Press Agency said. It gave no indication as to the source of the hacking.

In June a major Saudi newspaper said hackers briefly seized control of its website to publish false information.

Four years ago, a damaging malware assault hit the state oil company Saudi Aramco. US intelligence officials believed it was linked to Iran.

view counter

© AFP 2016

Tags:


SecurityWeek RSS Feed