Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers

Posted by Stefan Kanthak on Nov 27

Hi @ll,

almost all executable installers (and self-extractors as well
as “portable” applications too) for Windows have a well-known
(trivial, trivial to detect and trivial to exploit) vulnerability:
they load system DLLs from their “application directory” (or a
temporary directory they extract their payload to) instead of
“%SystemRoot%\System32”.
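As an added example (not code from Stefan Kanthak's post), a PowerShell check a defender can run over a download or temp directory: it lists DLLs that sit beside an executable and share a name with a DLL in %SystemRoot%\System32, which is exactly what a "carpet bombing" attack plants for an installer to pick up. The default -Path (the user's Downloads folder) is an assumption.

```powershell
# Added example, not part of the original post: find DLLs planted next to
# executables that shadow a DLL of the same name in %SystemRoot%\System32.
# Assumption: the directory to scan is given by -Path (default: Downloads).
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

$system32 = Join-Path $env:SystemRoot 'System32'

# Case-insensitive set of DLL names that exist in System32 (the copies a
# correctly written installer should be loading).
$systemDlls = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ChildItem -Path $system32 -Filter '*.dll' -File |
    ForEach-Object { [void]$systemDlls.Add($_.Name) }

# Only directories holding at least one executable matter: that directory
# becomes the "application directory" when the installer is started there.
$executableDirs = Get-ChildItem -Path $Path -Recurse -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty DirectoryName -Unique

foreach ($dir in $executableDirs) {
    Get-ChildItem -Path $dir -Filter '*.dll' -File |
        Where-Object { $systemDlls.Contains($_.Name) } |
        ForEach-Object {
            # Report each shadowing DLL with signature status for triage.
            [PSCustomObject]@{
                Directory     = $dir
                Dll           = $_.Name
                SizeBytes     = $_.Length
                LastWriteTime = $_.LastWriteTime
                Signature     = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}
```

A hit is not proof of an attack, since some packages legitimately ship a redistributable DLL with a system name; an unsigned or recently written DLL beside a freshly downloaded installer is the case worth examining.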

See <https://capec.mitre.org/data/definitions/471.html>,
<…
