Hi @ll,

the executable installers of "Pelle's C", and, , available from ,
are vulnerable to DLL hijacking: they load (tested on Windows 7)
at least the following DLLs from their "application directory"
instead of Windows' "system directory":
    Version.dll, MSI.dll, UXTheme.dll, DWMAPI.dll, RichEd20.dll
    and CryptBase.dll

See , , , and for this well-known and well-documented
vulnerability^WBEGINNER'S ERROR!

For programs downloaded from the internet the "application
directory" is typically the user's "Downloads" directory; see and

If one of the DLLs named above is placed in the user's "Downloads"
directory (for example per "drive-by download") this vulnerability
becomes a remote code execution.

JFTR: there is ABSOLUTELY no need for executable installers on
      Windows! DUMP THIS CRAP!

JFTR: naming a program "Setup.exe" is another beginner's error:
      Windows does some VERY special things when it encounters
      this filename!


Mitigations:
~~~~~~~~~~~~

* Don't use executable installers! NEVER!
  Don't use self-extractors! NEVER!

  See and plus alias for more information.

* Add an ACE "(D;OIIO;WP;;;WD)" to the ACL of every "%USERPROFILE%";
  use to decode it to "deny execution of files in this directory
  for everyone, inheritable to all files in all subdirectories".


stay tuned
Stefan Kanthak


Timeline:
~~~~~~~~~

2017-01-05    sent vulnerability report to author

              no reply, not even an acknowledgement of receipt

2017-01-13    resent vulnerability report to author

              no reply, not even an acknowledgement of receipt

2017-01-21    report published
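
Added example, not part of the original report: a Python check that walks a directory tree such as "Downloads" and reports every directory holding one of the DLL names listed above, together with the executables whose "application directory" it is. The function names, the sample file names and the default path are assumptions made for this example.

```python
import os
import tempfile

# DLL names taken from the advisory above; compared case-insensitively
# because Windows file names are case-insensitive.
HIJACKABLE = {"version.dll", "msi.dll", "uxtheme.dll", "dwmapi.dll",
              "riched20.dll", "cryptbase.dll"}


def audit_directory(root):
    """Return one finding per directory under root that holds a listed DLL.

    Each finding is (directory, [dll names], [executables in that directory]).
    The executables matter because this directory is their "application
    directory", so they would load the co-located DLL instead of the system one.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dlls = sorted(f for f in filenames if f.lower() in HIJACKABLE)
        if not dlls:
            continue
        exes = sorted(f for f in filenames if f.lower().endswith(".exe"))
        findings.append((dirpath, dlls, exes))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it (runs offline)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "unpacked"))
        # Constructed file names; the files are empty placeholders.
        for path in ("setup.exe", "UXTheme.DLL", "notes.txt",
                     os.path.join("unpacked", "readme.dll")):
            open(os.path.join(root, path), "w").close()
        return [(os.path.relpath(d, root), dlls, exes)
                for d, dlls, exes in audit_directory(root)]


if __name__ == "__main__":
    # Assumed default location of the current user's "Downloads" directory.
    target = os.path.join(os.path.expanduser("~"), "Downloads")
    for directory, dlls, exes in audit_directory(target):
        print(f"{directory}: {', '.join(dlls)} next to {exes or 'no executables'}")
```

A finding does not prove the DLL is malicious; it marks a file that an installer started from the same directory would load, and that should be removed or inspected before anything there is run.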