
Windows's parameter switch is clever. It uses a slash, like

dir /s

Since / cannot be in a filename, it avoids the problem completely.




I couldn't find a link, but a few years ago there was a problem with a virus checker and a game that (errantly) triggered it (I read this in the game's support pages). It turns out that the given virus checker would quarantine executables to a holding file called "c:\program". This game's launcher was quarantined by the virus checker to that location.

So, it turns out that when Windows wanted to launch things, it would find the first exe it could, then apply the rest of the command as args. "c:\program" comes before "c:\program files\", so every time a user went to launch a program, Windows would find the "c:\program" exe first, and apply the rest of the string as args (" files/and/rest/of/string"). So the launcher would fire up, and it ignored the args. For some reason I can't recall, Windows kept looking for the right program and eventually it would launch as well.

So the end-user, on trying to run any application, would get that application plus the game's launcher, all because of the crazy way Windows searches its path... well, when combined with a crazy virus checker behaviour.

Unfortunately I can't recall the checker or the game, sorry.


That's a scenario more common than it should be actually:

http://www.commonexploits.com/unquoted-service-paths/

There's even a hint of privilege escalation there (but not always: writing to C:\ still requires root in most cases).


A much better explanation, thank you.
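
An added audit sketch (not from the thread or the linked article) of the lookup the comments above describe: for an unquoted path containing spaces, it lists the locations that would be tried before the intended executable, following the documented CreateProcess rule of splitting at each space and appending .exe when there is no extension. The service names and paths are constructed sample data, and the function names are hypothetical; a real audit would read each service's ImagePath from the registry.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample data: service name -> ImagePath value.
SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent Service\agent.exe -run",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def lookup_order(image_path):
    """Paths tried in order for a command line, ending at the intended .exe."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        # Quoted: the executable name ends at the closing quote, no ambiguity.
        end = cmd.find('"', 1)
        return [cmd[1:end] if end > 0 else cmd[1:]]
    tokens = cmd.split(" ")
    tried = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        ext = ntpath.splitext(prefix)[1]
        if ext.lower() == ".exe":
            tried.append(prefix)  # assumed to be the intended binary
            break
        # No extension on the last component: .exe is appended before the lookup.
        tried.append(prefix if ext else prefix + ".exe")
    else:
        # No .exe named anywhere: intended binary unknown, report first guess only.
        return tried[:1]
    return tried

def shadowing_paths(image_path):
    """Locations where an unexpected file would run instead of the intended one."""
    return lookup_order(image_path)[:-1]

def audit(services):
    """Map each service with an ambiguous ImagePath to the paths to check."""
    findings = {}
    for name, path in services.items():
        paths = shadowing_paths(path)
        if paths:
            findings[name] = paths
    return findings

if __name__ == "__main__":
    for name, paths in audit(SERVICES).items():
        print(f"{name}: quote the ImagePath; verify nothing exists at:")
        for p in paths:
            print("   ", p)
```
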



