Digital Arts FinalCode Client Uncontrolled Search Path Element Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in the installer of FinalCode Client by Digital Arts Inc., specifically in versions of the FinalCode Ver.5 series prior to 5.43R01 and the Ver.6 series prior to 6.51R01. The issue arises from an uncontrolled search path element, which can be exploited by placing a malicious DLL file in the same directory as the installer and executing it. This could lead to arbitrary code execution with the privileges of the installer.

Impact

Exploitation of this vulnerability allows a non-administrative user to execute arbitrary code with the installer's execution privileges.

Remediation

Users are advised to update to the latest version of FinalCode Client. Version 6.51R01 was released on February 26, 2026, and users of FinalCode VA, FinalCode@Cloud, or m-FILTER series with the encryption option linked to FinalCode should also update to this version. For FinalCode products on version 5, an uninstallation followed by a reinstallation of the latest version is required.