WavesSysSvc in Waves MAXXAudio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 18.104.22.168.
Learn More →
Requested an additional three weeks before we released publicly. A newer version was discovered to be deployed ("22.214.171.124").
5-20-2019 - Initial Disclosure to vendor 5-21-2019 - Vendor acknowledged vulnerability 6-2-2019 - Vendor asked for extended timeline of 3 additional weeks
Offensive Minded Security Exploit Development