The Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.
772fc0e677d082450dd9185bf46ea003b1ec398fd60589535bf373b0ed30300a