Waves MaxxAudio | Privilege Escalation Vulnerability | Security Research Waves MaxxAudio | Privilege Escalation Vulnerability | Security Research

Home  |  Research  |  Resources  |  Advisories  |  Waves MaxxAudio

Waves MaxxAudio

Privilege Escalation

CVE ID

CVE-2019-13208

VENDOR

Waves

PRODUCT

Waves MaxxAudio

Product version

1.9.29.0

Vulnerability Details

WavesSysSvc in Waves MAXXAudio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0.

Learn More →

Vendor response

Requested an additional three weeks before we released publicly. A newer version was discovered to be deployed ("1.9.30.0").

Disclosure timeline

5-20-2019 - Initial Disclosure to vendor
5-21-2019 - Vendor acknowledged vulnerability
6-2-2019 - Vendor asked for extended timeline of 3 additional weeks

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos