
Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability

Critical
Advisory ID
ZSL-2010-4974
Release Date
20 November 2010
Vendor
Native Instruments GmbH - http://www.native-instruments.com
Affected Version
5.5.1 (R10584) or 5.5.1.10584 (Standalone)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous.

Description

Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. The issue is caused by the application insecurely loading a library ("libjack.dll") from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a related file type (.ens, .ism, .map, .mdl, .ntf, .rcc, .rcm, .rkplr or .ssf) from a network share.
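As an added defender-side check that is not part of the advisory, the Python script below walks a directory tree (for instance a mounted share) and flags any of the listed file types that sits in the same directory as a libjack.dll, the precondition the description gives for the hijack. The extension list and the DLL name come from the advisory; the sample tree the script builds is a constructed fixture.

```python
"""Scan a directory tree for the precondition of the Reaktor 5 Player
DLL-hijacking issue: an affected file sitting next to a planted libjack.dll."""
import os
import tempfile

# File types the advisory names as opening the player from a share.
AFFECTED_EXTENSIONS = {".ens", ".ism", ".map", ".mdl", ".ntf",
                       ".rcc", ".rcm", ".rkplr", ".ssf"}
# Library the advisory reports being resolved from the current working directory.
HIJACKED_DLL = "libjack.dll"


def find_hijack_candidates(root):
    """Return sorted (directory, data_file) pairs where an affected file shares
    its directory with a libjack.dll. Matching is case-insensitive, as on NTFS/SMB."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        lowered = {name.lower() for name in filenames}
        if HIJACKED_DLL not in lowered:
            continue  # no planted library here, nothing for the loader to pick up
        for name in filenames:
            _, ext = os.path.splitext(name)
            if ext.lower() in AFFECTED_EXTENSIONS:
                findings.append((dirpath, name))
    return sorted(findings)


def build_sample_share():
    """Constructed fixture: a temporary tree imitating a share with one planted DLL."""
    root = tempfile.mkdtemp(prefix="reaktor_share_")
    layout = {
        "patches/lead.ENS": b"", "patches/LibJack.dll": b"MZ", "patches/readme.txt": b"",
        "clean/drums.ism": b"",     # affected file but no DLL alongside: not flagged
        "libs/libjack.dll": b"MZ",  # DLL but no affected file alongside: not flagged
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for directory, data_file in find_hijack_candidates(share):
        print(f"suspicious: {data_file} next to {HIJACKED_DLL} in {directory}")
```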

Proof of Concept
Disclosure Timeline
06.11.2010 - Vulnerability discovered.
09.11.2010 - Contact with the vendor.
09.11.2010 - Vendor replies.
09.11.2010 - Explained to the vendor that we want to report a vulnerability.
09.11.2010 - Vendor answers in confusion.
09.11.2010 - Explained in detail what this is all about.
10.11.2010 - Vendor informs the corresponding department and states that if they're interested, they'll contact us.
18.11.2010 - Nobody gets in touch with us.
19.11.2010 - Informed the vendor that the public disclosure will occur on 20th of November.
20.11.2010 - Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
20.11.2010 - Initial release
22.11.2010 - Added references [1], [2], [3] and [4]
24.11.2010 - Added reference [5]
27.11.2010 - Added reference [6]