DRM causes vulnerabilities

This image is from Microsoft's DRM page.

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer by stopping you from doing certain things, like saving files you don’t “own”, is open to 3 attacks. Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflows are a common way into many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]
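To see how exposed a given machine is to the "loaded every time you open a media file" concern, the following PowerShell check (an added example, not part of the original post or any Microsoft tooling) lists the on-disk copies of msnetobj.dll and the running processes that currently have it loaded. It assumes the system32 and syswow64 locations named in the comments below.

```powershell
# Added example: inventory msnetobj.dll on this host.
# Assumption: the DLL lives in System32 (and SysWOW64 on 64-bit Windows),
# as stated in the comment thread; adjust the list if yours differs.
$dllName    = 'msnetobj.dll'
$candidates = @(
    (Join-Path $env:windir "System32\$dllName"),
    (Join-Path $env:windir "SysWOW64\$dllName")
)

# 1. On-disk copies: version, timestamp and hash, so the file can be
#    compared against the vendor's patched build once one is published.
$onDisk = foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path
        [pscustomobject]@{
            Path        = $item.FullName
            FileVersion = $item.VersionInfo.FileVersion
            LastWritten = $item.LastWriteTime
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. Running processes that have the DLL mapped right now.
#    Reading .Modules fails for protected or just-exited processes, so skip those.
#    A 64-bit PowerShell may not see the 32-bit modules of 32-bit processes;
#    repeat from the 32-bit PowerShell host to cover them.
$loaded = foreach ($proc in Get-Process) {
    try {
        $mods = @($proc.Modules | Where-Object { $_.ModuleName -ieq $dllName })
    } catch {
        continue
    }
    foreach ($m in $mods) {
        [pscustomobject]@{
            ProcessName = $proc.ProcessName
            Id          = $proc.Id
            ModulePath  = $m.FileName
        }
    }
}

if ($onDisk) { $onDisk | Format-List } else { "No copy of $dllName found in the expected locations." }
if ($loaded) { $loaded | Format-Table -AutoSize } else { "No inspected process currently has $dllName loaded." }
```

Run it from an elevated prompt before and after opening a media file to see which applications pull the DLL in.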

Comments

  1. Alexander Rossie says:

    Why is this on HaD?

    Also RIP milw0rm.com =]

  2. AS says:

    Luckily, nobody here would use such a ridiculous system. Right?

  3. DiRWiN says:

    It’s on Hackaday because they forgot they aren’t SlashDot again

  4. Amtal says:

    A bit more detail about when the faulty DLL gets used would be interesting.

  5. m!nus says:

    Write a virus that uses this vuln and let it remove all DRM-stuff it finds :D

    Also, milw0rm has been dead for about a year.

  6. Osgeld says:

    “It’s on Hackaday because they forgot they aren’t SlashDot again”

    well to be fair slashdot is too busy forgetting they are not macworld so someone has to do it

  7. Zotty says:

    “… the fact that this DLL is called every time you open a media file”

    Then don’t use a player that uses that DLL ;)

    Btw, what does this have to do with hacking?

  8. FDP says:

    Anyone else remember when Sony opened up PCs to rootkits with their ridiculous music DRM a while back…

  9. Badger says:

    Why doesn’t one of you guys write a fix/exploit for M$’ msnetobj.dll instead of complaining why it’s here, and give Hack-a-day something more to post about?

  10. jeditalian says:

    OMG someone please code a new msnetobj.dll because i don’t want to be able to possess any music that i didn’t pay for and thus legally own the right to play in my own home or car, as long as it is not duplicated and played at a volume where someone who didn’t pay for the song might hear it.
    Damn Radio Music.

  11. jeditalian says:

    idk what milw0rm is but i use btjunkie.org for my legal torrenting pleasure and they seem to have been under attack recently or maybe it really is just massive server load from all the traffic that moved to btjunkie after tpb and the others got shutdown. i never used any of the ones that got shutdown anyway

  12. Nick says:

    TPB is online…?

  13. Anon says:

    Awwww yaaaaa, metasploit payload on its way comrades, keep up the good work!

  14. jeditalian says:

    yeah it does seem to be online. idk my friend said they got shut down & novatorrent or some shit but i never used TPB because of all the bullshit, i can deal with 2 ads and the ease of use of btjunkie, plus its easier to distinguish real from fake

  15. infinitemayhem says:

    TPB didn’t get shut down. thepiratecity.org was the one that was shut down

  16. gregman_1 says:

    “Why is this on HaD?”

    Because HaD remembered they aren’t arduinohacks.com

  17. M4CGYV3R says:

    Ok, so you can overflow the buffer…

    How is that an exploit? Can I execute code or get remote access?

  18. ejonesss says:

    M4CGYV3R her you can remote access.

    remember code red from 2000 and 2001? it was the string from byte 256 or 257 and on in a web page url.

    the iis servers did not check the length of the buffer.

    now that has been solved because sites like ebay allow very long urls by the time you get lots of excluded keywords in there.

    so why couldn’t they do it again and check the length of the buffer whether it is a text entry field like this comment box or the length of the file and not allow it to run.

  19. sexiewasd says:

    It’s funny really, I can’t seem to find msnetobj.dll on my computer, maybe it’s hiding in /lib?

  20. monkeyslayer56 says:

    @sexiewasd
    i did a “locate msnetobj.dll” and still can’t seem to find it either

  21. spit says:

    @sexiwasd
    Are you running as root?
    Maybe you should try running updatedb first?
    If you still can’t find it I’ll bet Richard Bloody Stallman stole it!

  22. spit says:

    @sexiwasd
    try
    #updatedb
    first
    if it still doesn’t turn up – blame Richard Stallman

  23. rallen71366 says:

    @spit – That’s St. Stallman to you! :)

  24. Whatnot says:

    As for not finding it, w7 is particularly authoritarian in hiding files, it’s located in windows/system32 as well as windows/syswow64 if you run a 64bit flavor.

    And as for not using a player that uses it, that would not work since then you still have the preview icon that’s created by windows, so you’d have to remove previews again (again since windows had similar issues twice already).
    And even then, most players that have their own codecs still fall back to windows stuff when meeting some formats.

    I have my own question to add: Did anybody at MS ever code anything with some kind of check on the input to stop buffer overflow? Or did gates fire you if you showed competence?

    @spit He’d delete it not steal it.

  25. RexOfRome says:

    Another good reason to switch to Linux. On my last computer build I used Ubuntu and then I switched my server to Debian. Next I switched my kitchen computer to Linux Mint and I am now Microsoft free. There was a big learning curve after running Windows for so many years so I look at that as a “hack”. Well worth the effort, give it a try.

  26. ray says:

    for the love of god!!! … stop posting this …

    they will fix it.. muahahahha :P

    or we think
