Hi @ll, CWE-73: External Control of File Name or Path is a well-known and well-documented weakness. as well as demonstrate how to (ab)use just one instance of this weakness (introduced about 7 years ago with Microsoft Defender, so-called "security software") due to an environment variable in the (registered) path name of an executable file to gain execution of arbitrary code. But that's of course not the only instance of this VERY EASY to exploit weakness present in ALL versions of Windows since more than 30 (in words: THIRTY) years -- start a command processor and run the following command line to show about 20,000 instances of path names registered with (user- controlled) environment variables: REG.exe QUERY HKEY_LOCAL_MACHINE /C /D /F "%*%\\" /S stay tuned, and far away from the vulnerable crap made in Redmond Stefan Kanthak PS: just yesterday, Microsoft dared to publish , bragging "we've dedicated the equivalent of 34,000 full-time engineers to SFI-making it the largest cybersecurity engineering effort in history" What about dedicating the equivalent of just ONE full-time employee to every instance of just ONE ow Windows weaknesses?