When launching an installer created with InnoSetup it tries to load the common-controls DLL from Windows. I'm assuming this is for rendering the UI dialogas. However, by using the DLL Redirection feature provided by Windows (https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection) you can make the installer run a different DLL that you place on a specific location.
This behavior can be a problem especially if the installer itself requires elevated privileges to run but the installer file has been placed in a more accessible location, like the user Downloads folder.
Microsoft provides a couple of options to manage the DLL-loading behavior, like using some specific parameters on the linker when building the application (https://devblogs.microsoft.com/oldnewthing/20230328-00/?p=107978)
So I'm wondering if there is a way to tell InnoSetup to use this (or other) mitigation alternatives to prevent this from happening. Is this a known issue and some documentation exists somewhere on how to deal with this?
PS: I'm currently using InnoSetup v6.0.5
So after digging some more in InnoSetup documentation, it turns out that this was fixed in a later version. An installer built with v6.2.2 (current latest) does not seem to present the same issue and will not try to run the "fake" dll.
From JRSoftware's website: