LogicalBreach Academy

DLL side-loading vulnerability in Sony Music Center for PC Ver. 2.7.2 (Latest version) | Free Bug Bounty Writeup | LogicalBreach Academy

Writeups Cheatsheets Tools Collections Authors Noc Pricing

Back

OtherCVSS 7.3

DLL side-loading vulnerability in Sony Music Center for PC Ver. 2.7.2 (Latest version)

hackerone-reports

June 7, 2026

1 views

Save

€0

Vulnerability Summary

HackerOne disclosed report --> https://hackerone.com/reports/3355766 by resurrect20

Overview The application insecurely searches for the missing DLL file in system PATH environment, allowing an attacker with access to victim's local machine host to achieve arbitrary code execution by implanting a malicious DLL file in any PATH environment.

MITRE reference: https://attack.mitre.org/techniques/T1574/001/

Proof of Concept

Open Procmon and observe that the application searches for a missing DLL file named "z-bes.dll" in the system PATH variables (e.g. C:\Program Files\Git\cmd\z-bes.dll, C:\Users\████████\Desktop\tools\z-bes.dll etc)