Many Application installers are susceptible to 'binary planting' if the planting of the file is in a tricky location the risk becomes less of an issue, but off the back of a review of it was clear that there is a bigger issue here
Lots of Application installers look for version.dll in it's current working directory.
Oh!... what does that mean ?
well, it takes about 2 minutes to create a malicious version.dll file and if placed in the same folder as the application installer i.e. the Downloads folder, this poses a real risk.
Better at Fullscreen Link
The last time I spoke with Microsoft about security issues, they treat me slightly disrespectfully,... one good turn deserves another.