← Advisories

Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC

High
Advisory ID
ZSL-2010-4979
Release Date
20 November 2010
Vendor
Native Instruments GmbH - http://www.native-instruments.com
Affected Version
4.1.3.4125 (Standalone)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind.

Description

Kontakt Player 4 suffers from a buffer overflow vulnerability when parsing ".nki" files. The application fails in boundry checking of the user input resulting in a crash. The attacker can leverage from this scenario to exectute arbitrary code on the affected system. Failed attempts will result in denial of service.

Proof of Concept
kontakt4_bof.cTXT
Disclosure Timeline
17.11.2010Vulnerability discovered.
09.11.2010Contact with the vendor.
09.11.2010Vendor replies.
09.11.2010Explained to the vendor that we want to report a vulnerability.
09.11.2010Vendor answers in confusion.
09.11.2010Explained in details what this is all about.
10.11.2010Vendor informs the corresponding department and stated that if they're interested, they'll contact us.
18.11.2010Nobody gets in touch with us.
19.11.2010Informed the vendor that the public disclosure will occur on 20th of November.
20.11.2010Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/15582
[2]http://packetstormsecurity.org/files/96016
[3]http://securityreason.com/exploitalert/9538
[4]http://www.securityfocus.com/bid/44991
[5]http://www.vfocus.net/art/20101122/8270.html
Changelog
20.11.2010Initial release
22.11.2010Added reference [1], [2], [3] and [4]
24.11.2010Added reference [5]