High
resolved
resolved
DLL side-loading vulnerability in Sony Music Center for PC Ver. 2.7.2 (Latest version)
Bug reported by Suphawith Phusanbai was disclosed at June 5, 2026, 9:10 am | Uncontrolled Search Path Element
A DLL side-loading vulnerability was discovered in Sony Music Center for PC Ver. 2.7.2. The application insecurely searched for a missing DLL file in the system PATH environment, allowing an attacker with access to the victim's local machine to achieve arbitrary code execution by placing a malicious DLL file in the PATH. The vulnerability was referenced in the MITRE ATT&CK framework.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
