Posted by Stefan Kanthak on Jun 18

Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their “application directory” instead
of Windows’ “system directory” %SystemRoot%System32.

On Windows 7 and before they also (try to) load PCACli.dll and
API-MS-Win-Downlevel-Shell32-l1-1-0.dll from the…