Hi @ll, the installers or Oracle's Java 6/7/8 for Windows and VirtualBox for Windows load and execute several DLLs from their "application directory". * The online installer jxpiinstall.exe: UXTheme.dll and RASAdHlp.dll plus (on Windows XP) SetupAPI.dll, HNetCfg.dll and XPSP2Res.dll (on Windows Vista and above) ProfAPI.dll, Secur32.dll, NTMarta.dll and Version.dll * The offline installer jre-8u66-windows-i586.exe: UXTheme.dll, RASAdHlp.dll, NTMarta.dll, Secur32.dll, WinHTTP.dll, NetUtils.dll, ProfAPI.dll and WindowsCodecs.dll * VirtualBox-5.0.12-104815-Win.exe: UXTheme.dll, MSIHnd.dll and MSI.dll plus (on Windows XP) SFC_OS.dll, ClbCatQ.dll, XPSP2Res.dll, WS2_32.dll and WS2Help.dll (on Windows 7) PropSys.dll, ProfAPI.dll and DWMAPI.dll For software downloaded with a web browser the application directory is typically the user's "Downloads" directory: see , and for "prior art" about this well-known and well-documented vulnerability. Oracle published an advisory and new installers for Java SE today: Oracle published updated versions of VirtualBox on 2019-01-19: stay tuned Stefan Kanthak