Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup

Posted by Stefan Kanthak on Dec 09

Hi @ll,

executable installers [°] created with JRSoft InnoSetup
(see <http://jrsoftware.org/isinfo.php>; this includes of course
InnoSetup itself too) are vulnerable:

1. They load and execute a rogue/bogus/malicious UXTheme.dll [']
eventually found in the directory they are started from (the
“application directory”).

For software downloaded with a web browser this is typically the
“Downloads”…
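
A defensive check for the condition described in item 1, as an added example that is not part of the original post: it lists DLLs in a directory (for instance the Downloads folder) whose names match a system DLL such as UXTheme.dll, since an installer started from that directory would use it as its application directory. The function names and the default paths are assumptions made for this sketch.

```python
import os
import sys
from pathlib import Path


def system_dll_names(system_dir):
    """Lower-cased names of all DLLs shipped in the system directory."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(app_dir, system_dir):
    """Return sorted names of DLLs in app_dir that shadow a system DLL.

    Windows file names are case-insensitive, so names are compared
    lower-cased: 'uxtheme.dll' shadows 'UXTheme.dll'.
    """
    known = system_dll_names(system_dir)
    hits = [p.name for p in Path(app_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"
            and p.name.lower() in known]
    return sorted(hits, key=str.lower)


def exposed_executables(app_dir):
    """Executables started from app_dir use it as application directory."""
    return sorted(p.name for p in Path(app_dir).iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe")


if __name__ == "__main__":
    # Assumed defaults: the current user's Downloads folder and System32.
    downloads = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    hits = find_shadowing_dlls(downloads, system32)
    for name in hits:
        print(f"WARNING: {downloads / name} shadows a system DLL")
    if hits:
        print("Executables in the same directory:", exposed_executables(downloads))
```

A hit does not prove the DLL is malicious, only that it sits where an executable started from that directory would find it first; inspect or remove it before running any installer from there.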