← Advisories

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

Critical
Advisory ID
ZSL-2010-4975
Release Date
20 November 2010
Vendor
Native Instruments GmbH - http://www.native-instruments.com
Affected Version
2.2.5 (R596)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

The NI Service Center is a service used for Product Activation.

Description

The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain libraries ("schannel.dll") from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening an activation return file (.naf) from a network share.

Proof of Concept
scenter_dll.cTXT
Disclosure Timeline
06.11.2010Vulnerability discovered.
09.11.2010Contact with the vendor.
09.11.2010Vendor replies.
09.11.2010Explained to the vendor that we want to report a vulnerability.
09.11.2010Vendor answers in confusion.
09.11.2010Explained in details what this is all about.
10.11.2010Vendor informs the corresponding department and stated that if they're interested, they'll contact us.
18.11.2010Nobody gets in touch with us.
19.11.2010Informed the vendor that the public disclosure will occur on 20th of November.
20.11.2010Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[2]http://packetstormsecurity.org/files/96001
[3]http://www.securityfocus.com/bid/44989
[4]http://xforce.iss.net/xforce/xfdb/61321
Changelog
20.11.2010Initial release
22.11.2010Added reference [1], [2] and [3]
24.11.2010Added reference [4]