Description
Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.
Published: 2026-06-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sony Optical Disc Archive Software for Windows contains an improper default permission setting that allows write access to protected system files or directories. By exploiting this flaw, an attacker can run arbitrary code with SYSTEM privileges. The impact is a full compromise of the host operating system, granting confidentiality, integrity, and availability control to the attacker.

Affected Systems

Sony Corporation's Optical Disc Archive Software for Windows versions 5.5.3 and earlier are affected. Later releases that correct the default permission settings are not impacted.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity, while an EPSS score of less than 1% suggests that widespread exploitation is unlikely at present. The software is not listed in the CISA KEV catalog, further reducing immediate concern. The vulnerability likely requires local user or process access with file write capability to the privileged locations affected by the default permissions. No public exploit has been reported, but the potential for SYSTEM privilege escalation means that Administrators should treat this as a noteworthy risk if the vulnerable version is in use.

Generated by OpenCVE AI on June 17, 2026 at 22:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Sony patch or upgrade to a version newer than 5.5.3 that corrects the default permissions issue
  • If an upgrade is not possible, uninstall Optical Disc Archive Software to eliminate the privilege exposure
  • Ensure that system directories accessed by the software have permissions that restrict write access to authorized accounts only, and monitor for abnormal write activity or execution of unexpected processes

Generated by OpenCVE AI on June 17, 2026 at 22:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in Sony Optical Disc Archive Software via Default Permissions

Tue, 16 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in Sony Optical Disc Archive Software via Default Permissions

Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Sony
Sony optical Disc Archive Software
Vendors & Products Sony
Sony optical Disc Archive Software

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Description Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.
Weaknesses CWE-276
References
Metrics cvssV3_0

{'score': 6.7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Sony Optical Disc Archive Software
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-06-16T12:34:57.652Z

Reserved: 2026-06-09T00:32:32.515Z

Link: CVE-2026-50255

cve-icon Vulnrichment

Updated: 2026-06-16T12:34:45.914Z

cve-icon NVD

Status : Deferred

Published: 2026-06-16T06:16:58.180

Modified: 2026-06-16T15:40:10.107

Link: CVE-2026-50255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T23:00:14Z

Weaknesses
  • CWE-276

    Incorrect Default Permissions