funsec mailing list archives
Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 15 Nov 2005 11:09:31 -0500
http://www.freedom-to-tinker.com/?p=927 Over the weekend a Finish researcher named Muzzy noticed a potential vulnerability in the web-based uninstaller that Sony offers to users who want to remove the First4Internet XCP copy protection software. We took a detailed look at the software and discovered that it is indeed possible for an attacker to exploit this weakness. For affected users, this represents a far greater security risk than even the original Sony rootkit. The consequences of the flaw are severe. It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get. The root of the problem is a serious design flaw in Sony's web-based uninstaller. When you first fill out Sony's form to request a copy of the uninstaller, the request form downloads and installs a program - an ActiveX control created by the DRM vendor, First4Internet - called CodeSupport. CodeSupport remains on your system after you leave Sony's site, and it is marked as safe for scripting, so any web page can ask CodeSupport to do things. One thing CodeSupport can be told to do is download and install code from an Internet site. Unfortunately, CodeSupport doesn't verify that the downloaded code actually came from Sony or First4Internet. This means any web page can make CodeSupport download and install code from any URL without asking the user's permission. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Aditya Deshmukh (Nov 15)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- <Possible follow-ups>
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Hubbard, Dan (Nov 16)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Matt Jonkman (Nov 16)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Aditya Deshmukh (Nov 15)