Posted by Stefan Kanthak on Mar 17

Hi @ll,

this multipart post does not require a MIME-compliant MUA.-)

Part 0:
~~~~~~~

On Windows 7 (other versions of Windows not tested for this
vulnerability, but are likely vulnerable too) all executable
installers/self-extractors based on Microsoft’s SFXCAB [*]
load and execute a rogue CryptDll.dll from their application
directory instead of %SystemRoot%System32CryptDll.dll.

For software downloaded with a web browser the application…