One Day Sec

How can rundll32.exe be abused to execute arbitrary programs?

The `rundll32.exe` utility loads a DLL and calls one of its exported functions. The `OpenURL` export of `url.dll` calls `ShellExecute` with a file parameter that the caller controls. For example, `rundll32.exe url.dll,OpenURL calc.exe` executes Calculator. This technique, detailed in "Analysis of Executing Programs Using rundll32", is often used for lateral movement and code execution.
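For detection, the command-line pattern above can be matched in process-creation logs. The following is an added example, not code from the original page: the names `check_openurl` and `scan`, the sample command lines, and the rule that only http(s) targets count as routine are all assumptions of this sketch.

```python
import ntpath
import re

# rundll32[.exe] <dll>,<export> <argument>; tolerates quotes and full paths.
CMD_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*'
    r'(?P<export>[^\s,"]+)\s*(?P<arg>.*)$',
    re.IGNORECASE,
)

def check_openurl(cmdline):
    """Return a finding dict for url.dll,OpenURL invocations, else None."""
    m = CMD_RE.search(cmdline)
    if not m:
        return None
    dll = ntpath.basename(m.group("dll").strip()).lower()
    if dll.endswith(".dll"):
        dll = dll[:-4]  # the loader appends .dll when the extension is omitted
    # Export compared case-insensitively: a deliberately broad match.
    if dll != "url" or m.group("export").lower() != "openurl":
        return None
    target = m.group("arg").strip().strip('"')
    # Assumption of this example: only http(s) targets are treated as routine.
    routine = target.lower().startswith(("http://", "https://"))
    return {"target": target, "verdict": "routine" if routine else "review"}

# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    "rundll32.exe url.dll,OpenURL calc.exe",
    r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",OpenURL "C:\Users\Public\tool.exe"',
    "RUNDLL32 url,OpenURL https://example.com/help",
    "rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    "notepad.exe C:\\notes\\url.dll,OpenURL.txt",
]

def scan(cmdlines):
    """Return (cmdline, finding) pairs that need analyst review."""
    hits = []
    for line in cmdlines:
        finding = check_openurl(line)
        if finding and finding["verdict"] == "review":
            hits.append((line, finding))
    return hits

if __name__ == "__main__":
    for line, finding in scan(SAMPLE_EVENTS):
        print(f"REVIEW target={finding['target']!r} cmdline={line}")
```

Feed it the command-line field of your process-creation telemetry; anything returned by `scan` is a `url.dll,OpenURL` call whose target is not a web URL.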
