Executive Summary

CVE-2026-50255 is a vulnerability in the Optical Disc Archive Software for Windows versions 5.5.3 and earlier, developed by Sony Corporation. It involves incorrect default permissions in the software's installers, which means that the file access permissions are improperly set.

Because of this issue, an attacker could exploit the vulnerability to execute arbitrary code with SYSTEM privileges on the affected system.

Useful 0 Not Useful 0

Impact Analysis

If this vulnerability is exploited, an attacker could run arbitrary code with SYSTEM privileges, which is the highest level of access on a Windows system.

This could lead to full control over the affected system, allowing the attacker to install programs, change or delete data, or create new accounts with full user rights.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves incorrect default permissions in the Optical Disc Archive Software for Windows versions 5.5.3 and earlier. Detection would focus on verifying the version of the installed software and checking the file access permission settings of the software's installers.

You can detect the presence of the vulnerable software by checking the installed version of Optical Disc Archive Software on your Windows system.

• Use PowerShell to check the installed version: Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object { $_.DisplayName -like '*Optical Disc Archive Software*' } | Select-Object DisplayName, DisplayVersion
• Check file permissions on the installer files to identify improper access rights that could be exploited.

Useful 0 Not Useful 0

Mitigation Strategies

The recommended immediate mitigation step is to update the Optical Disc Archive Software to the latest installer version provided by Sony Corporation.

Updating the software will correct the improper file access permission settings and prevent arbitrary code execution with SYSTEM privileges.

Useful 0 Not Useful 0