Posted by Stefan Kanthak on Jan 15

Hi @ll,

the executable installers of SoftMaker’s FlexiPDF,
<http://www.softmaker.net/down/flexipdf2017.exe> and
<http://www.softmaker.net/down/flexipdfbasic2017.exe>, built
with the crapware known as “InnoSetup”, are vulnerable to DLL
hijacking: they load Windows DLLs from their “application
directory” instead Windows’ “system directory”: on Windows 7
at least UXTheme.dll and DWMAPI.dll.

This…