Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

Title: Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability
Advisory ID: ZSL-2010-4976
Type: Local/Remote
Impact: System Access
Risk: (5/5)
Release Date: 20.11.2010
Summary
KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind.
Description
Kontakt Player 4 suffers from a DLL hijacking vulnerability that remote attackers could exploit to compromise a vulnerable system. The application insecurely loads certain libraries ("libjack.dll") from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a related file (.ncw, .nki, .nkm or .nks) from a network share.
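A defensive check for the condition described above, added here as an example and not part of the original advisory: it walks a share or sample folder and flags directories where the named DLL sits beside Kontakt file types. The function names and the sample tree are constructed for illustration; only "libjack.dll" and the four extensions come from the advisory.

```python
import hashlib
import os
import tempfile

# File names taken from the advisory text above.
HIJACKABLE_DLLS = {"libjack.dll"}
KONTAKT_EXTS = {".ncw", ".nki", ".nkm", ".nks"}

def sha256_of(path):
    """SHA-256 of a file for triage, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None

def find_planted_dlls(root):
    """Report directories where a hijackable DLL sits beside Kontakt files.
    A file opened from such a directory typically makes it the working
    directory, which is where the advisory says the DLL is loaded from."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = sorted(f for f in files if f.lower() in HIJACKABLE_DLLS)
        lures = sorted(f for f in files
                       if os.path.splitext(f)[1].lower() in KONTAKT_EXTS)
        for dll in dlls if lures else []:
            full = os.path.join(dirpath, dll)
            findings.append({"dir": dirpath, "dll": dll, "beside": lures,
                             "sha256": sha256_of(full)})
    return findings

def build_constructed_tree(root):
    """Constructed sample data: one folder that is flagged, two that are not."""
    layout = {"samples/strings": ["Cello.nki", "LibJack.DLL"],
              "samples/drums": ["Kit.nkm", "Kit.ncw"],
              "tools": ["libjack.dll", "readme.txt"]}
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in names:
            with open(os.path.join(root, rel, name), "wb") as fh:
                fh.write(b"constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for hit in find_planted_dlls(tmp):
            print(hit["dir"], hit["dll"], hit["beside"], hit["sha256"])
```

A hit is a lead for review, not proof of tampering: compare the reported hash against a known-good copy of the library before acting on it.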
Vendor
Native Instruments GmbH
Affected Version (Standalone)
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[06.11.2010] Vulnerability discovered.
[09.11.2010] Contact with the vendor.
[09.11.2010] Vendor replies.
[09.11.2010] Explained to the vendor that we want to report a vulnerability.
[09.11.2010] Vendor answers in confusion.
[09.11.2010] Explained in detail what this is all about.
[10.11.2010] Vendor informs the corresponding department and states that if they're interested, they'll contact us.
[18.11.2010] Nobody gets in touch with us.
[19.11.2010] Informed the vendor that the public disclosure will occur on the 20th of November.
[20.11.2010] Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
Changelog
[20.11.2010] - Initial release
[22.11.2010] - Added reference [1], [2], [3] and [4]
[24.11.2010] - Added reference [5]
[27.11.2010] - Added reference [6]
Zero Science Lab