Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: stripes1776
Programs load DLLs for functionality. Some programs use the full path to the DLL, and that isn't vulnerable unless the file can't be found. Others state only the file name, and the system then searches in a pre-configured list of directories for that file to load. This exploit requires the placement of a malicious DLL somewhere in that list of directories before the real one.

The developer has to do some really stupid programming in order for this to work. Normally programs look for DLLs in their own program folder, a known shared DLL folder, or in the system32 folder. Normally browsers can be made to save on the desktop, my documents, or a download folder. The guy was able to exploit IE on this because IE actually looked in the desktop for DLL files. Huh? Some developer at Microsoft needs to be slapped, same for the developers of any of these other apps who did similar things.

13 posted on 08/24/2010 1:52:07 PM PDT by antiRepublicrat
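
The search behaviour described in the post above, as an added audit sketch that is not part of the thread: given a search list, it reports whether a load by file name alone resolves from a trusted folder or passes through an untrusted one first. The folder layout, the search order and the name `helper.dll` are constructed for illustration and are not the actual Windows search order.

```python
import tempfile
from pathlib import Path

def find_copies(name, search_dirs):
    """Indexes of search_dirs holding a file called name (case-insensitive, as on Windows)."""
    hits = []
    for i, d in enumerate(search_dirs):
        p = Path(d)
        if p.is_dir() and any(e.is_file() and e.name.lower() == name.lower()
                              for e in p.iterdir()):
            hits.append(i)
    return hits

def audit_bare_name_load(name, search_dirs, trusted_dirs):
    """Classify what a load by file name alone would do for this search list.

    Returns (status, dirs):
      not-found : no directory in the list has the file
      shadowed  : the first copy found sits in an untrusted directory
      exposed   : the trusted copy wins today, but untrusted dirs are searched before it
      ok        : only trusted directories are searched before the winning copy
    """
    trusted = {Path(d).resolve() for d in trusted_dirs}
    hits = find_copies(name, search_dirs)
    if not hits:
        return "not-found", []
    first = hits[0]
    if Path(search_dirs[first]).resolve() not in trusted:
        return "shadowed", [search_dirs[first]]
    earlier = [d for d in search_dirs[:first] if Path(d).resolve() not in trusted]
    return ("exposed", earlier) if earlier else ("ok", [search_dirs[first]])

def demo():
    """Constructed layout: app folder, a 'desktop' used as current directory, a system folder."""
    with tempfile.TemporaryDirectory() as root:
        app, desktop, system = (Path(root) / n for n in ("app", "desktop", "system32"))
        for d in (app, desktop, system):
            d.mkdir()
        (system / "helper.dll").write_bytes(b"")       # real library (empty placeholder)
        order = [str(app), str(desktop), str(system)]  # assumed list: current dir before system
        trusted = [str(app), str(system)]
        before = audit_bare_name_load("helper.dll", order, trusted)[0]
        (desktop / "HELPER.DLL").write_bytes(b"")      # same-named file saved to the desktop
        after = audit_bare_name_load("helper.dll", order, trusted)[0]
        safe = audit_bare_name_load("helper.dll", [str(app), str(system)], trusted)[0]
        missing = audit_bare_name_load("absent.dll", order, trusted)[0]
        return before, after, safe, missing

if __name__ == "__main__":
    print(demo())
```

The "exposed" result is the one to act on: nothing is wrong on disk yet, but the search list itself lets a user-writable folder answer before the real one.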


To: antiRepublicrat
The guy was able to exploit IE on this because IE actually looked in the desktop for DLL files. Huh? Some developer at Microsoft needs to be slapped, same for the developers of any of these other apps who did similar things.

Well, that practice was not a problem back in the days when a Windows PC was a stand-alone machine without a connection to a network. But that is precisely the problem today when most computers are connected to a network. Even Microsoft still has applications that look in the current directory for .dll files. An operating system should not let a programmer do that in the first place.

Microsoft could patch Windows so that it will not look in the current directory. But then a lot of programs that depend on this feature will break. So, in the meantime, developers and vendors will have to rewrite their applications. At some point in the future, probably a few years from now, Microsoft will have to break backward compatibility.

14 posted on 08/24/2010 2:02:09 PM PDT by stripes1776

To: antiRepublicrat; stripes1776

This is a MAJOR flaw. I mean, it’s below OS level error, it’s systemic. Every program calls and looks for dll’s. And it seems there is no “special” place for them, you can look on your desktop!

WOW!

So much for the late great Windows 7....


15 posted on 08/24/2010 2:06:05 PM PDT by RachelFaith (2010 is going to be a 100 seat Tsunami - Unless the GOP Senate ruins it all...)
