Published:2026/04/10 Last Updated:2026/04/10
JVN#00263243
EmoCheck loads Dynamic Link Libraries insecurely
Overview
EmoCheck provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) loads Dynamic Link Libraries insecurely.
Products Affected
- Emocheck, all versions
Description
EmoCheck is a tool for detecting infections by "Emotet" malware, provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). EmoCheck loads Dynamic Link Libraries insecurely.
- Uncontrolled search path element (CWE-427)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-28704
- This vulnerability is exploited by directing a user to download and place a crafted DLL file in the same directory as EmoCheck, and to execute EmoCheck
Impact
Arbitrary code may be executed with the privilege of the user invoking EmoCheck.
Solution
Stop using EmoCheck
EmoCheck is no longer available. It is recommended that users stop using EmoCheck.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) | Vulnerable | 2026/04/10 | Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) website |
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
ryo shimada of Powder Keg Technologies, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated internally under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-28704 |
| JVN iPedia |
JVNDB-2026-000053 |
Update History
- 2026/04/10
- Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) update status