EmoCheck loads dynamic‑link libraries without validating the source of the DLL files it loads. This flaw enables an attacker to craft a malicious DLL and place it in the same directory as the application. When EmoCheck starts, it will load the DLL and execute its code with the privileges of the user running the program, satisfying the conditions for remote code execution via local modification of the DLL search order. The weakness corresponds to CWE‑427 and can lead to unintended data disclosure, tampering, or full system compromise if the authenticated user has sufficient rights.

This vulnerability affects the EmoCheck utility distributed by the Japan Computer Emergency Response Team Coordination Center. No specific version numbers were disclosed, so any version of EmoCheck currently in use may be vulnerable until a patch or update is applied.

The CVSS score of 8.4 indicates a high impact vulnerability. The EPSS score is not available, so the exact likelihood of automated exploitation is unknown. The attack vector is inferred to be local, requiring an attacker to place a malicious DLL in the application's directory—an action that is quite realistic for users who can write files to that location. The flaw is not listed in the CISA KEV catalog, and no public exploits have been reported, yet the combination of high severity and ease of exploitation warrants immediate attention.