image

during our attack we will focus on one of these utilities MicroSoft Cross-Platform Audio Creation Tool (XACT) which is vulnerable to DLL Side-Loading we need to have ProcMon Sysinternals to start monitoring specific Application with our modified filter strings . so we have to specific process name and ends of paths with results out put

so after we have successfully activated out filter , you will notice on status bar about capturing events mode activated . Lets then open our application and explore the function to load a project file with extension `xap ` we have figured out that application is vulnerable when we are trying to open any xact3 project while our dll is placed on same directory

Exploitation POC

  • create an empty project with extension xap
  • place your malicious dll with vulnerable name xbdm.dll
  • successfully exploited the vulnerability