Tor Browser Bundle installer subject to DLL hijacking
torbrowser-install-5.0.4.exe is vulnerable to DLL hijacking.
Create, e.g. shfolder.dll with a malicious DLL main and observe it runs when the tor installer is executed from the same downloads folder.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information