
Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability

Risk
High
Advisory ID
ZSL-2010-4977
Release Date
20 November 2010
Vendor
Native Instruments GmbH - http://www.native-instruments.com
Affected Version
1.2.6.8491 (Standalone)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

TRAKTOR PRO is the new benchmark in DJ software. Mix digital files on four decks, using the high-quality internal mixer or external hardware, and the best effects suite around. Fully primed for professional use, TRAKTOR PRO redefines the art of DJing.

Description

Traktor Pro suffers from a stack-based buffer overflow when parsing playlist files (.nml), resulting in a crash. The contents of the playlist file are not validated before use, which may allow an attacker who can get a user to open a crafted .nml file to execute arbitrary code on the affected system; a failed exploitation attempt results in a denial of service. Note that the crash below is reported as exception code 0xC00000FD (STATUS_STACK_OVERFLOW), i.e. the stack guard page was hit, and the debugger was attached after the fact ("first/second chance not available") with EIP still inside ntdll, so the dump documents the crash but not control of EIP; arbitrary code execution is the possibility the advisory raises, not something this dump demonstrates.

(4418.4608): Stack overflow - code c00000fd (first/second chance not available)
eax=14250000 ebx=001cc168 ecx=00000007 edx=7c90e514 esi=001cc140 edi=001cc198
eip=7c90e514 esp=0ff5e4e4 ebp=0ff5e4f4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!KiFastSystemCallRet:
7c90e514 c3              ret
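The advisory gives no proof-of-concept and does not name the .nml element whose value overflows, so the following is an added example and not code from Native Instruments or from this advisory. It models the bug class on a constructed LOCATION tag of the kind found in NML playlists: an attribute value is copied into a fixed-size stack buffer without a bound (the vulnerable pattern), beside the hardened form that checks the bound before every write and rejects an over-long value. The FILE attribute, the 64-byte buffer size and the sample tags are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Native Instruments' code. The advisory does not say
 * which .nml field overflows, so the FILE="..." attribute of a LOCATION
 * element and FIELD_MAX are assumptions used to model the bug class. */

#define FIELD_MAX 64

/* Point at the first byte of the double-quoted value of `attr` inside
 * `tag`, or return NULL when the attribute is absent. */
static const char *find_attr(const char *tag, const char *attr)
{
    size_t alen = strlen(attr);
    const char *p = tag;

    while ((p = strstr(p, attr)) != NULL) {
        if ((p == tag || p[-1] == ' ') && p[alen] == '=' && p[alen + 1] == '"')
            return p + alen + 2;
        p += alen;
    }
    return NULL;
}

/* Vulnerable pattern: copy the value into a fixed-size stack buffer up to the
 * closing quote, trusting the playlist to keep it short. A FILE value longer
 * than FIELD_MAX-1 bytes runs past `name` into the saved frame pointer and
 * return address above it. Returns the value length, or -1 if absent. */
int extract_file_vulnerable(const char *tag, char *out, size_t outsz)
{
    char name[FIELD_MAX];
    const char *v = find_attr(tag, "FILE");
    size_t i = 0;

    if (v == NULL)
        return -1;
    while (v[i] != '"' && v[i] != '\0') {   /* no check against sizeof name */
        name[i] = v[i];
        i++;
    }
    name[i] = '\0';
    snprintf(out, outsz, "%s", name);
    return (int)i;
}

/* Hardened form: the bound is checked before every write, and an over-long
 * value is refused (-2) rather than silently truncated, so a hostile
 * playlist can at worst be rejected. */
int extract_file_hardened(const char *tag, char *out, size_t outsz)
{
    char name[FIELD_MAX];
    const char *v = find_attr(tag, "FILE");
    size_t i = 0;

    if (v == NULL)
        return -1;
    while (v[i] != '"' && v[i] != '\0') {
        if (i >= sizeof name - 1)
            return -2;
        name[i] = v[i];
        i++;
    }
    name[i] = '\0';
    snprintf(out, outsz, "%s", name);
    return (int)i;
}

/* Constructed benign entry (not taken from a real Traktor collection). */
static const char benign_tag[] =
    "<LOCATION DIR=\"/:Music/:\" FILE=\"track.mp3\" VOLUME=\"C:\"/>";

/* Run an extractor on the benign tag; returns 9 when it recovers
 * "track.mp3" correctly, -100 otherwise. */
int benign_file_length(int (*extract)(const char *, char *, size_t))
{
    char out[FIELD_MAX];
    int n = extract(benign_tag, out, sizeof out);
    return (n == 9 && strcmp(out, "track.mp3") == 0) ? n : -100;
}

/* Build a hostile tag with a 300-byte FILE value and feed it to the hardened
 * extractor only: calling the vulnerable one on it is the crash. */
int hardened_rejects_long_value(void)
{
    char tag[400];
    char out[FIELD_MAX];
    const char *head = "<LOCATION FILE=\"";
    size_t n = strlen(head);

    memcpy(tag, head, n);
    memset(tag + n, 'A', 300);          /* far beyond FIELD_MAX */
    n += 300;
    memcpy(tag + n, "\"/>", 4);         /* closing quote, '/>' and NUL */
    return extract_file_hardened(tag, out, sizeof out);
}

int main(void)
{
    printf("vulnerable, benign input: %d\n", benign_file_length(extract_file_vulnerable));
    printf("hardened,   benign input: %d\n", benign_file_length(extract_file_hardened));
    printf("hardened,   300-byte FILE: %d\n", hardened_rejects_long_value());
    return 0;
}
```

Both extractors behave identically on well-formed input; only the hardened one survives the over-long value, which is the property a fix for this class of bug has to provide. Compile with stack protection disabled (e.g. -fno-stack-protector) if you want to observe the vulnerable path corrupting the frame under a debugger, and never run it on the hostile input otherwise.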
Proof of Concept
Disclosure Timeline
09.11.2010  Vulnerability discovered.
09.11.2010  Contact with the vendor.
09.11.2010  Vendor replies.
09.11.2010  Explained to the vendor that we want to report a vulnerability.
09.11.2010  Vendor answers in confusion.
09.11.2010  Explained in detail what this is all about.
10.11.2010  Vendor informs the relevant department and states that, if they are interested, they will contact us.
18.11.2010  Nobody gets in touch with us.
19.11.2010  Informed the vendor that public disclosure will occur on 20 November.
20.11.2010  Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
20.11.2010  Initial release
22.11.2010  Added references [1], [2], [3] and [4]
24.11.2010  Added reference [5]
25.11.2010  Added reference [6]
27.11.2010  Added reference [7]