Posted by Stefan Kanthak on Feb 25

Hi @ll,

executable installers [°] created with InstallShield (see
<http://www.flexerasoftware.com/producer/products/software-installation/installshield-software-installer/>
alias <http://installshield.com/>) are vulnerable:

1. Their wrappers/self-extractors load and execute a rogue/bogus/
malicious RichEd32.dll [‘] (and other DLLs too, dependent on
the version of Windows) eventually found in the directory they
are…