Sony DRM Woes Continue
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Sony DRM Woes Continue

Written By
Larry Loeb
Larry Loeb
Dec 12, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

While I have had my fill of Sony DRM and all the screaming that has gone on around it (though it still gives me a chuckle when I see a breathless story in some second-tier MSM newspaper about “Copy Protection on Sony CDs” that is both outdated and inaccurate) there was actually a new wrinkle going on in the last week.

Remember the MediaMax DRM that didnt get as much attention as the other XCP DRM used by Sony during the first wave of screaming and yelling? Well, it seems SunnComms little child has a problem when dealing with Windows.

There are insecure default directory ACLs being set on the “SunnComm Shared” directory, which allow any local user full and total access to the directory. “So what?” you ask. Well, non-administrative users can modify the installed files in the directory because of this. If they are of a mind to do so, these users can potentially gain escalated privileges by (for example) replacing the MMX.exe program with a malicious (and privilege-escalating) program. The MMX.exe program will be automatically executed when another user inserts a MediaMax protected CD.

Changing the directory ACL manually is reportedly non-effective. The reason is that the insecure permissions will be restored the next time a MediaMax-protected CD is played.

The security issue has been reported in version 5.0.21.0, and prior versions may also be affected. Sony has a program that they say will fix the damage done to your machine. You may wish to document any further damage that this new program does to your machine for inclusion in your future lawsuit.

Hardened-PHP finds more stuff

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Stefan Esser of the Hardened-PHP project found a huge problem with it, though. In their advisory, Esser noted, “phpMyAdmin comes with a register_globals emulation layer within grab_globals.php, to ensure compatibility with hosts where this feature is turned off. This layer was heavily modified for the release of phpMyAdmin 2.7.0. One of the major changes is that the blacklist of variables that may not be overwritten by the emulation layer is now stored in a global variable.”

/zimages/1/28571.gifRead the full story on Security IT Hub:Sony DRM Woes Continue
Larry Loeb
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information