← Advisories

Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

Critical

Advisory ID

ZSL-2010-4976

Release Date

20 November 2010

Vendor

Native Instruments GmbH - http://www.native-instruments.com

Affected Version

4.1.3.4125 (Standalone)

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind.

Description

Kontakt Player 4 suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain libraries ("libjack.dll") from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening specific related files (.ncw, .nki, .nkm and .nks) from a network share.

Proof of Concept

kontakt4_dll.cTXT

Disclosure Timeline

06.11.2010Vulnerability discovered.

09.11.2010Contact with the vendor.

09.11.2010Vendor replies.

09.11.2010Explained to the vendor that we want to report a vulnerability.

09.11.2010Vendor answers in confusion.

09.11.2010Explained in details what this is all about.

10.11.2010Vendor informs the corresponding department and stated that if they're interested, they'll contact us.

18.11.2010Nobody gets in touch with us.

19.11.2010Informed the vendor that the public disclosure will occur on 20th of November.