I haven’t been able to find out if this is an OLD flaw that was just exploited or if this is something NEW in the way they designed Windows 7. Seems the media is not making this very clear. I don’t run windows 7. I have a bootcamp image of XP Pro SP3.
This is an old flaw that has risen its head again. Microsoft has changed the order of the search path for .dll files with the latest SPs. Windows will then search system folders first and then the current directory last. But if the name of the .dll is unique, it will still be found in the current directory, loaded, and executed as part of the application.