← Advisories

TDM Digital Signage PC Player 4.1 Insecure File Permissions

Low
Advisory ID
ZSL-2020-5604
Release Date
26 October 2020
Vendor
TDM [Trending Digital Marketing] - https://www.tdmsignage.com
Affected Version
4.1.0.4
CVE
CVE-2020-36916
Tested On
Microsoft Windows 10 Home
Summary

With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more.

Description

TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

Proof of Concept
tdsignage_perm.txtTXT
Disclosure Timeline
23.09.2020Vulnerability discovered.
04.10.2020Vendor contacted.
05.10.2020Vendor responds asking more details.
05.10.2020Sent details to the vendor.
11.10.2020Asked vendor for status update.
25.10.2020No response from the vendor.
26.10.2020Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/159723/
[2]https://www.exploit-db.com/exploits/48953
[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/190627
[4]https://www.cve.org/CVERecord?id=CVE-2020-36916
Changelog
26.10.2020Initial release
04.11.2020Added reference [1], [2] and [3]
24.03.2026Added reference [4]