Vulnerability ID: JVN#11601216 Product Affected: Security Kinou Miharian v1.0.21 and earlier Description: The installer provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains a flaw in the DLL search path, which may result in insecure loading of Dynamic Link Libraries. Impact: Arbitrary code execution with the privileges of the user running the installer. Solution: Upgrade to the latest installer: Security Kinou Miharian v1.0.22 or later. During installation, verify that no suspicious files exist in the installation directory. Vendor Status: NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION is reported as vulnerable. Vulnerability Analysis: - CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, Base Score: 7.8 - CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P, Base Score: 6.8 References: Japan Vulnerability Notes JVNTA#91240916. This vulnerability is also noted in many Windows applications. Credit: Reported by Eili Masami of Tachibana Lab. Coordinated by JPCERT/CC.