JVN#48498976
Multiple vulnerabilities in the installer of FinalCode Client

Overview

The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities.

Products Affected

• FinalCode Ver.5 series versions prior to 5.43R01
• FinalCode Ver.6 series versions prior to 6.51R01

Description

The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below.

• Incorrect default permissions (CWE-276)
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
  • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
  • CVE-2026-23703
• Uncontrolled search path element (CWE-427)
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
  • CVE-2026-25191

Impact

• A non-administrative user may execute arbitrary code with SYSTEM privilege (CVE-2026-23703)
• If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege (CVE-2026-25191)

Solution

Use the latest installer
The developer released the updated installers version 5.43R01 and 6.51R01 to fix the issues.
Use the latest installer to install the product.
Even when the product is already installed, you should re-install the product to fix the ACL of the installation directory.