Tor Browser Bundle installer subject to DLL hijacking

torbrowser-install-5.0.4.exe is vulnerable to DLL hijacking.

Create, e.g. shfolder.dll with a malicious DLL main and observe it runs when the tor installer is executed from the same downloads folder.

Trac:
Username: ericlaw

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information