Hi @ll, the executable installer for Microsoft's Visual Studio 2015 Community Edition, available from <https://www.visualstudio.com/>, is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1 it loads the following DLLs from its "application directory" instead of Windows' "system directory": Version.dll, AppHelp.dll, NTMARTA.dll, CryptSP.dll, RPCRTRemote.dll Additionally it loads API-MS-Win-Downlevel-ShlWAPI-L2-1-0.dll from the PATH. See <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0148> or <https://technet.microsoft.com/library/security/MS16-041> and <https://www.securify.nl/advisory/SFY20160201/_net_framework_4_6_allows_side_loading_of_windows_api_set_dll.html> for a similar vulnerability. stay tuned Stefan Kanthak Timeline: ~~~~~~~~~ 2016-06-01 sent vulnerability report to vendor plus US-CERT NO RESPONSE from vendor, not even an acknowledgement of receipt 2016-06-07 US-CERT tells me that Microsoft informed them that they won't act on this report still no response from vendor 2016-07-01 report published