Vulnerability ID: JVN#11601216 Product Affected: Security Kinou Miharian v1.0.21 and earlier Description: The installer provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION has a flaw in the DLL search path, leading to the insecure loading of Dynamic Link Libraries. Impact: Arbitrary code execution with the user's privileges. Solution: Use the latest installer: Security Kinou Miharian v1.0.22 or higher version. Check the directory for no suspicious files when installing. Vendor Status: NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION is reported as Vulnerable. Vulnerability Analysis: - CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, Base Score: 7.8 - CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P, Base Score: 6.8 References: Japan Vulnerability Notes JVNTA#91240916. Related vulnerability noted in many Windows applications programs. Credit: Eili Masami of Tachibana Lab. reported it. Coordinated by JPCERT/CC.