Published:2025/11/19 Last Updated:2025/11/19
JVN#50288352
Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries
Overview
Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation may insecurely load Dynamic Link Libraries.
Products Affected
- RakurakuMusen Start EX for Windows all versions
*This product is a tool for Windows XP/Vista/7/8/10.
Description
Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-12852
Impact
Arbitrary code may be executed with the privilege of the user invoking the installer.
Solution
Stop using the tool
The developer states that the affected tool is no longer supported and recommends not to use anymore.
Refer to the information provided by the developer for details.
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2025-000107 |