SunnComm DRM security flaw
p2p news / p2pnet: In the continuing Big Music spyware saga, it seems the Mac version of SunnComm’s DRM for Sony BMG also has a security gap and it’s even worse than the Windows one.
The SunnComm MediaMax (not to be confused with Macrovision ; ) web-based uninstaller, "opens up a major security hole very similar to the one created by the web-based uninstaller for Sony’s other DRM, XCP," says Alex Halderman on Freedom to Tinker.
A malicious web site could use the SunnComm hole to take control of PCs where the uninstaller has been used, he says, going on:
"In fact, the SunnComm problem is easier to exploit than the XCP uninstaller flaw."
But Halderman emphasises the SunnComm flaw doesn’t apply to CD software, "only to the uninstaller that SunnComm distributes separately for removing the CD software. So if you haven’t used the uninstaller, you’re not vulnerable to this flaw and you don’t need to do anything.
"If you visit the SunnComm uninstaller web page, you are prompted to accept a small software component – an ActiveX control called AxWebRemoveCtrl created by SunnComm. This control has a design flaw that allows any web site to cause it to download and execute code from an arbitrary URL. If you’ve used the SunnComm uninstaller, the vulnerable AxWebRemoveCtrl component is still on your computer, and if you later visit an evil web site, the site can use the flawed control to silently download, install, and run any software code it likes on your computer. The evil site could use this ability to cause severe damage, such as adding your PC to a botnet or erasing your hard disk.
"You can tell whether the vulnerable control is installed on your computer by using our AxWebRemoveCtrl detector.
"We have created a tool that will disable the control and/or block it from being installed. To apply our tool, download this file to a temporary location, then double click on the file’s icon in Windows. (Windows may ask you to confirm that you wish to add the information in the file to the system registry–choose “Yes.”) After the tool has been applied, you may delete the file you downloaded. The tool will take effect as soon as you close and restart Internet Explorer. We recommend that anyone who has used the SunnComm uninstaller run our tool as soon as possible.
"Unfortunately, if you use our tool to block the control, you won’t be able to use SunnComm’s current uninstaller to remove their software. It’s up to them to replace the flawed uninstaller with a safe one as soon as possible, and to contact those who have already used the vulnerable uninstaller with instructions for closing the hole."
Halderman points out that SunnComm will provide a tool to uninstall their software, "if users pester them enough" but, "Typically this requires at least two rounds of emails with the company’s support staff."
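As an added example (not the Freedom to Tinker detector or tool, and not code from the article): a PowerShell check that looks for a registered COM class matching the control name and reports whether Internet Explorer's kill bit is set for it, optionally setting it. It assumes the control's class name or file path contains `AxWebRemoveCtrl` and that blocking is done with the standard kill bit; the page gives neither the control's CLSID nor the mechanism the authors' tool uses.

```powershell
# Added example, not the Freedom to Tinker tool. -Block needs an elevated prompt.
param(
    [string]$NamePattern = 'AxWebRemoveCtrl',  # control name taken from the article
    [switch]$Block                              # also set the kill bit on matches
)

$KillBit = 0x400  # Compatibility Flags bit that stops Internet Explorer loading a control

# Each COM class root paired with the Internet Explorer compatibility key of the same
# registry view (native first, then 32-bit on 64-bit Windows).
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # Assumption: the class name or the registered file path contains the control name.
        $server = $key.OpenSubKey('InprocServer32')
        $path   = if ($server) { $server.GetValue('') } else { $null }
        if ($server) { $server.Close() }
        if ("$($key.GetValue('')) $path" -notmatch [regex]::Escape($NamePattern)) { continue }

        $clsid     = $key.PSChildName
        $compatKey = Join-Path $view.Compat $clsid
        $flags = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        $killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)

        if ($Block -and -not $killed) {
            if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey | Out-Null }
            # Preserve any other flags already present and add the kill bit.
            Set-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                -Value ($flags -bor $KillBit) -Type DWord
            $killed = $true
        }
        [pscustomobject]@{ Clsid = $clsid; File = $path; KillBitSet = $killed }
    }
}
```

No output means no matching class is registered machine-wide; a row with `KillBitSet` false means the control is present and Internet Explorer will still load it.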
See:-
DRM for Sony BMG – Sony BMG DRM on Macs, November 11, 2005
not to be confused – SunnComm falls for p2pnet spoof, November 5, 2005
Freedom to Tinker – Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole, November 17, 2005






November 18th, 2005 at 5:19 pm
A spoof regarding SunnComm working on a DRM solution with Macrovision? Now you really expect everyone to go out and download YOUR piece of software that will prevent any damage being done by the evil and malicious SunnComm software.
Even as Halderman states: “the SunnComm flaw doesn’t apply to CD software, “only to the uninstaller that SunnComm distributes separately for removing the CD software. So if you haven’t used the uninstaller, you’re not vulnerable to this flaw and you don’t need to do anything.”
SO WHAT????
November 18th, 2005 at 6:33 pm
“In the continuing Big Music spyware saga, it seems the Mac version of SunnComm’s DRM for Sony BMG also has a security gap and it’s even worse than the Windows one.”
Are you sure? It looks to me as if Felten and Halderman looked into the *Windows* version of SunnComm’s MediaMax DRM. I quote:
MediaMax installs around a dozen files that consume more than 12 MB on the hard disk. Most are copied to the folder c:\Program Files\Common Files\SunnComm Shared\, shown below:
http://www.freedom-to-tinker.com/?p=925
That’s a lettered drive and those are backslashes. We’re not in *nix land here.
So far as I know, NO-ONE has looked closely into what MediaMax does to a Mac OS X system.
November 19th, 2005 at 3:16 am
I agree. This is not related to the Mac version, but to the Windows uninstaller.
When some Mac experts dissect MediaMax on the Mac, expect some more revelations of malware to surface.