Zero Science Lab » TDM Digital Signage PC Player 4.1 Insecure File Permissions

TDM Digital Signage PC Player 4.1 Insecure File Permissions

Title: TDM Digital Signage PC Player 4.1 Insecure File Permissions
Advisory ID: ZSL-2020-5604
Type: Local
Impact: Privilege Escalation
Risk: (2/5)
Release Date: 26.10.2020

Summary

With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more.

Description

TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

Vendor

TDM [Trending Digital Marketing] - https://www.tdmsignage.com

Affected Version

4.1.0.4

Tested On

Microsoft Windows 10 Home

Vendor Status

[23.09.2020] Vulnerability discovered.
[04.10.2020] Vendor contacted.
[05.10.2020] Vendor responds asking more details.
[05.10.2020] Sent details to the vendor.
[11.10.2020] Asked vendor for status update.
[25.10.2020] No response from the vendor.
[26.10.2020] Public security advisory released.

PoC

tdsignage_perm.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/159723/
[2] https://www.exploit-db.com/exploits/48953
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/190627

Changelog

[26.10.2020] - Initial release
[04.11.2020] - Added reference [1], [2] and [3]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk