Impact
Sony Optical Disc Archive Software for Windows contains an improper default permission setting that allows write access to protected system files or directories. By exploiting this flaw, an attacker can run arbitrary code with SYSTEM privileges. The impact is a full compromise of the host operating system, granting confidentiality, integrity, and availability control to the attacker.
Affected Systems
Sony Corporation's Optical Disc Archive Software for Windows versions 5.5.3 and earlier are affected. Later releases that correct the default permission settings are not impacted.
Risk and Exploitability
The CVSS score of 5.4 indicates a moderate severity, while an EPSS score of less than 1% suggests that widespread exploitation is unlikely at present. The software is not listed in the CISA KEV catalog, further reducing immediate concern. The vulnerability likely requires local user or process access with file write capability to the privileged locations affected by the default permissions. No public exploit has been reported, but the potential for SYSTEM privilege escalation means that Administrators should treat this as a noteworthy risk if the vulnerable version is in use.
OpenCVE Enrichment