
During our attack we will focus on one of these utilities, the Microsoft Cross-Platform Audio Creation Tool (XACT), which is vulnerable to DLL side-loading.
We need Sysinternals ProcMon to monitor the specific application with our modified filter strings, so we have to specify the process name, the path endings, and the result output.
After we have successfully activated our filter, you will notice on the status bar that event capturing mode is activated.
Let's then open our application and explore the function to load a project file with the extension `xap`.
We have figured out that the application is vulnerable when we try to open any xact3 project while our DLL is placed in the same directory.
Exploitation POC
- create an empty project with extension `xap`
- place your malicious dll with vulnerable name `xbdm.dll`
- successfully exploited the vulnerability
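From the defender's side, the same ProcMon capture can be reviewed for the load described above. The following is an added example, not code from the original post: it parses a ProcMon CSV export and flags DLLs loaded from outside trusted directories. The process name `ExampleApp.exe`, the sample paths and the trusted-root list are constructed assumptions.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumption: directories from which DLL loads are expected on this host.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")

# Constructed ProcMon CSV export (default columns); process name and paths are placeholders.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","ExampleApp.exe","4242","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS",""
"10:00:02.0000000","ExampleApp.exe","4242","CreateFile","C:\Program Files (x86)\ExampleApp\xbdm.dll","NAME NOT FOUND",""
"10:00:02.1000000","ExampleApp.exe","4242","CreateFile","C:\Users\alice\Documents\demo\xbdm.dll","SUCCESS",""
"10:00:02.2000000","ExampleApp.exe","4242","Load Image","C:\Users\alice\Documents\demo\xbdm.dll","SUCCESS",""
"10:00:03.0000000","ExampleApp.exe","4242","Load Image","C:\Program Files (x86)\ExampleApp\ExampleApp.exe","SUCCESS",""
'''


def is_trusted(path):
    """True when the path sits under one of the trusted roots (case-insensitive)."""
    lowered = path.lower()
    return any(lowered.startswith(root + "\\") for root in TRUSTED_ROOTS)


def find_untrusted_dll_loads(csv_text):
    """Return Load Image events for DLLs mapped from outside TRUSTED_ROOTS."""
    missed = set()   # (process, dll name) pairs probed for and not found
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = PureWindowsPath(row["Path"])
        if path.suffix.lower() != ".dll":
            continue
        key = (row["Process Name"], path.name.lower())
        if row["Result"] == "NAME NOT FOUND":
            missed.add(key)
        elif row["Operation"] == "Load Image" and not is_trusted(row["Path"]):
            findings.append({
                "process": row["Process Name"],
                "dll": str(path),
                # The same name was missing elsewhere first: a side-loading indicator.
                "probed_elsewhere_first": key in missed,
            })
    return findings


if __name__ == "__main__":
    for finding in find_untrusted_dll_loads(SAMPLE_CSV):
        print(finding)
```

A hit with `probed_elsewhere_first` set means the process looked for the DLL in its install directory, did not find it, and then mapped a copy from a user-writable location such as the project folder.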