Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local because the malicious DLL must be co-located (AV:L) and the victim must run the installer (UI:R); no prior privileges needed (PR:N) and successful load yields full user-level compromise (C/I/A:H).
Primary rating from Vendor (jpcert).
CVSS VectorVendor: jpcert
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.
AnalysisAI
Arbitrary code execution in the HYPER SBI 2 installer (SBI Securities' online trading application) allows a local attacker to run code with the invoking user's privileges by planting a crafted DLL in the installer's directory. The flaw stems from insecure DLL search-path loading (CWE-427) and requires the victim to launch the installer from an attacker-influenced folder. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a crafted DLL with the name the installer searches for already be present in the same directory as the HYPER SBI 2 installer at the moment the victim invokes it, and it requires the victim to actively run that installer (UI:A). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score is 8.4 (High), but the vector qualifies the real-world risk: AV:L means the attacker cannot exploit remotely - the malicious DLL must already be co-located with the installer - and UI:A (Active user interaction, mapping to UI:R in 3.1) means the victim must themselves run the installer from the poisoned directory. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker convinces a victim to download the HYPER SBI 2 installer while also delivering a malicious DLL with the expected filename into the same folder (for example, both files land in the browser's default Downloads directory). When the victim double-clicks the installer, it loads the attacker's DLL from the current directory and executes the embedded payload with the victim's privileges. … |
| Remediation | Obtain and run only the latest installer directly from SBI Securities' official distribution per the JVN advisory (https://jvn.jp/en/jp/JVN59875262/); a fixed installer that resolves DLLs from trusted absolute paths is the primary remedy - an exact patched version number is not stated in the available data, so consult the vendor advisory for the current build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all SBI Securities customers and HYPER SBI 2 deployments in your environment; send security notifications warning users to avoid launching installers from shared or untrusted directories and to verify installer authenticity before execution. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44591
GHSA-j386-q724-3f5c