Posted by Stefan Kanthak on Dec 09

Hi @ll,

executable (un)installers [°] created with Nullsoft Scriptable Install
System (NSIS, see <http://nsis.sourceforge.net/>; for some of its
victims see <http://nsis.sourceforge.net/users>) are vulnerable:

1. They load and execute a rogue/bogus/malicious ShFolder.dll [‘][²]
(and other DLLs like SetupAPI.dll or UXTheme.dll too) eventually
found in the directory they are started from (the “application…