HomeAdvisoriesWaves MaxxAudio

Waves MaxxAudio

Privilege Escalation

Previous AdvisoryNext Advisory

CVE ID

CVE-2019-13208

Vendor

Waves

Product

Waves MaxxAudio

Product Version

1.9.29.0

Vulnerability Details

WavesSysSvc in Waves MAXXAudio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0.

Learn more

Vendor Response

Requested an additional three weeks before we released publicly. A newer version was discovered to be deployed (“1.9.30.0”).

Disclosure Timeline

20.05.2019
Initial Disclosure to vendor
21.05.2019
Vendor acknowledged vulnerability
02.06.2019
Vendor asked for extended timeline of 3 additional weeks

Previous AdvisoryNext Advisory

Integrating Threat Modeling Throughout Your Enterprise

Offensive Security

DevSecOps

IRM Services

Threat Intelligence

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

Who We Are

Waves MaxxAudio

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline