Out of curiosity, does anyone understand why it was a good idea in the first place to have icons pointing to a DLL instead of having a static icon name or icon id?
This reminds me of how "hacking a computer" is depicted in a movie or in tv-series.<p>"All we need to do is attach this usb stick and we can download all the files from their computer"<p>Well, almost, at least.
I am assuming that the code being run is the DllMain which is normally called during LoadLibrary. The proper fix would have been to just map the DLL into memory <i>without</i> running DllMain, since that is not necessary to read the icons.
Its still so surprising to me that human error is still occurring in security. Surely, companies/organisations should provide training to stop them form being insecure.