Vulnerabilities > CVE-2005-3474 - Local Security vulnerability in First4internet Xcp Content Management

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

sony

NVD

Published: 2005-11-03

Updated: 2008-09-05

Summary

The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.

Vulnerable Configurations

Part	Description	Count
Application	Sony Sony First4Internet XCP Content Management *	1

References

http://secunia.com/advisories/17408
http://securitytracker.com/id?1015145
http://www.osvdb.org/20435
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html