Published:2025/10/06  Last Updated:2025/10/06

JVN#95806263
The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries

Overview

The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries.

Products Affected

Multiple products are affected.
As for the details of affected products, refer to the information provided by the developer.

Description

The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries.

  • Uncontrolled search path element (CWE-427)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
    • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2025-57781
    • This vulnerability is exploited by directing a user to download and place a crafted DLL file with the affected installer, and to execute the installer

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

Solution

Use the latest installer
Use the latest installer provided by the developer.

References

  1. Japan Vulnerability Notes JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
  2. Japan Vulnerability Notes JVN#72748502
    Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Takeru Naito of MOTEX Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2025-57781
JVN iPedia JVNDB-2025-000082