HIGHCVE-2026-25191Published 2026-02-26Modified 2026-02-26CNA jpcert

CVE-2026-25191: The installer of FinalCode Client provided by Digital Arts Inc

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.

CVSS v4.0: 8.4
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

Digital Arts Inc. / FinalCode Ver.5 series
prior to 5.43R01
Digital Arts Inc. / FinalCode Ver.6 series
prior to 6.51R01

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

daj.jp
jvn.jp

Metrics