X41 D-SEC GmbH Security Advisory: X41-2020-001

DLL Sideloading Vulnerability in Hasomed Elefant 20.01.01 Installer

Summary and Impact

The Hasomed Elefant installer Elefant200101DVD.exe loads the DLL DXGIDebug.dll when present in the same directory as the installer.
This allows an attacker to execute code in the process of the installer, when an attacker is able to e.g. trick the victim into downloading the DLL
file and having it in the same download folder as the installer.

Product Description

Hasomed Elefant allows you to manage a medical office and patients.


The DLL is loaded into the installer’s process space when started and code in this DLL is executed, which might be malicious and could install a backdoor
into the freshly installed software.

Proof of Concept

The failed loading can be easily identified by watching the process with ProcMon from the Sysinternals Suite.


About X41 D-SEC GmbH

X41 is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are security centered code reviews, binary reverse engineering and vulnerability discovery. Custom research and a IT security consulting and support services are core competencies of X41.