LogicalBreach Academy

DLL side-loading vulnerability in Sony Music Center for PC Ver. 2.7.2 (Latest version) | Free Bug Bounty Writeup | LogicalBreach Academy

Writeups Cheatsheets Tools Collections Authors Noc Pricing

Back

Uncontrolled Search Path ElementCVSS 7.3Medium

DLL side-loading vulnerability in Sony Music Center for PC Ver. 2.7.2 (Latest version)

hackerone-reports

April 4, 2026

13 views

Save

€0

Vulnerability Summary

HackerOne disclosed report --> https://hackerone.com/reports/3355766 by resurrect20

Overview The application insecurely searches for the missing DLL file in system PATH environment, allowing an attacker with access to victim's local machine host to achieve arbitrary code execution by implanting a malicious DLL file in any PATH environment.

MITRE reference: https://attack.mitre.org/techniques/T1574/001/

Proof of Concept

Open Procmon and observe that the application searches for a missing DLL file named "z-bes.dll" in the system PATH variables (e.g. C:\Program Files\Git\cmd\z-bes.dll, C:\Users\supra\Desktop\tools\z-bes.dll etc)

Identification Required

You must be logged in to read this writeup. Join our community of researchers today.

hackerone-reports

€799 Documented

Profile →

Discussion

No comments yet.

Be the first to share your thoughts

Premium writeups about bug bounty hunting and web security.
Written by real security researchers.

Navigation

Writeups Cheatsheets Tools Authors Noc Pricing

Contactcontact@logicalbreach.com

RSS FeedPrivacy PolicyTerms of Service