Summary
Several issues can, under very specific conditions, cause Windows to load a different library or launch a different executable than was intended by the author of a setup launcher executable.
Synopsis
Referencing a library by less than its full path. Example: requesting to load the library,
schannel.dll
instead of,
C:\Windows\System32\schannel.dll
This can cause a DLL Preloading issue. If there is a library with that name earlier in the search path than the intended library, the unintended library will be loaded.
Referencing an executable by less than its full path. Example: requesting to launch the executable,
wmplayer.exe
instead of,
"C:\Program Files\Windows Media Player\wmplayer.exe"
This can cause a Binary Planting issue. If there is an executable with the name wmplayer.exe earlier in the search path than the intended executable, the unintended executable will be launched.
Referencing an executable by its full path, but not quoting that full path when it contains space characters. Example: requesting to launch the executable,
C:\Program Files\Windows Media Player\wmplayer.exe
instead of,
"C:\Program Files\Windows Media Player\wmplayer.exe"
This can cause an Unquoted Path issue. If there is an executable with one of the following names (in quotes), that unintended executable will be launched instead of the intended executable. The other parts of the path will be mistaken as parameters:
"C:\Program.exe" Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows.exe" Media Player\wmplayer.exe
"C:\Program Files\Windows Media.exe" Player\wmplayer.exe
This is usually called an Unquoted Service Path issue because even though a programmer can forget to put quotes around the path when launching any executable in any context, this happens most often when a setup author configures a service to be started by Windows and forgets to quote the service's path.
Naming an executable setup.exe
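The following check classifies a launch command line against the Binary Planting and Unquoted Path conditions described above and lists the names that would be tried ahead of the intended image. It is an added example, not InstallAnywhere code; the function names, the ".exe" boundary heuristic and the sample command lines are assumptions made for illustration.

```python
import ntpath
import re

# A drive-letter root (C:\) or a UNC prefix (\\server) marks a full path.
_FULL = re.compile(r'^(?:[A-Za-z]:\\|\\\\)')
# Heuristic (assumption): an unquoted image ends at the first ".exe"
# that is followed by whitespace or the end of the string.
_EXE_END = re.compile(r'\.exe(?=\s|$)', re.IGNORECASE)


def split_image(command):
    """Return (image_path, was_quoted) for a launch command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]), True
    m = _EXE_END.search(command)
    if m:
        return command[:m.end()], False
    return (command.split() or [""])[0], False


def planted_candidates(image):
    """Names tried before the intended image when the path is unquoted."""
    out = []
    for i, ch in enumerate(image):
        if ch != " ":
            continue
        prefix = image[:i]
        if not prefix or prefix.endswith((" ", "\\")):
            continue
        # ".exe" is appended only when the token has no extension.
        out.append(prefix if ntpath.splitext(prefix)[1] else prefix + ".exe")
    return out


def audit(command):
    """Classify one command line: returns (finding, candidates)."""
    image, quoted = split_image(command)
    if not _FULL.match(image):
        return "relative-name", []   # resolved through the search path
    if not quoted and " " in image:
        return "unquoted-path", planted_candidates(image)
    return "ok", []


# Constructed sample command lines (the wmplayer path is the page's example).
SAMPLES = [
    r'wmplayer.exe',
    r'C:\Program Files\Windows Media Player\wmplayer.exe /play',
    r'"C:\Program Files\Windows Media Player\wmplayer.exe" /play',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit(cmd), cmd)
```

A setup author can run `audit` over every command line and service path a launcher registers; any result other than `ok` points at a reference that should be rewritten as a quoted full path.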
Discussion
For a computer to be affected by these issues, an unauthorized person must (a) be able to place a library or executable on the computer, (b) choose the correct name of the library or executable, and (c) in some cases precisely time the placement.
If the unauthorized person's access allows them to launch an executable with the privileges necessary for that executable to have its intended effect, they would simply launch that executable directly instead of using these methods to launch their library or executable indirectly.
InstallAnywhere Hotfix IOJ-1756928
This issue has been published as CVE-2016-4560.
Setup authors can avoid the DLL Preloading issue (a) by not creating setup launcher executables, or (b) by creating setup launcher executables built with InstallAnywhere Hotfix IOJ-1756928 and not using the name setup.exe for those executables. Setup launcher executables built using this hotfix call new Windows APIs which restrict the search path used to find libraries, even dependent libraries.
Setup authors can avoid the Binary Planting issue (a) by not creating setup launcher executables, or (b) by referencing the full path of each executable launched by a setup launcher executable.
Setup authors can avoid the Unquoted Service Path issue by quoting the full path of each executable which is registered as a service by a setup launcher executable.
InstallAnywhere Hotfix IOJ-1756928 may be downloaded from the following links:
Hotfix Installer for Windows
Hotfix Installer for Linux (32-bit)
Hotfix Installer for Linux (64-bit)
Hotfix Installer for Mac OS X
Hotfix Installer for Solaris Sparc
© 2026 Flexera Software. All Rights Reserved.