Published: 2017/07/24  Last Updated: 2017/07/24

Information from Kiri

Vulnerability ID:JVN#17523256
Title:Installer of Tween may insecurely load Dynamic Link Libraries

This is a statement from the vendor itself with no modification by JPCERT/CC.

The installer of Tween or earlier has vulnerability of DLL loading without intent.
When this vulnerability is used for bad ends, a malicious third person will execute any code on installer startup.

This vulnerability only affects on installer startup, so Tween already installed does not have the problem.