Posted by Stefan Kanthak on Jan 31

Hi @ll,

Heimdal.SetupLauncher.exe, available from
<https://heimdalprodstorage.blob.core.windows.net/setup/Heimdal.SetupLauncher.exe>
is (surprise.-) vulnerable to DLL hijacking: it loads (at least)
WINSPOOL.DRV from its “application directory” instead Windows
“system directory”.

For downloaded applications like Heimdal.SetupLauncher.exe the
“application directory” is Windows’ “Downloads”…