CVE-2026-32679
Insecure DLL Loading in LiveOn Meet and Canon Camera Installers
Publication date: 2026-04-23
Last updated on: 2026-04-23
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| japan_media_systems_corporation | liveon_meet_client | 1.0.0.0 |
| japan_media_systems_corporation | canon_network_camera_plugin | 1.0.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the installers of LiveOn Meet Client for Windows and the Canon Network Camera Plugin provided by Japan Media Systems Corporation. The installers insecurely load Dynamic Link Libraries (DLLs), meaning if a malicious DLL is placed in the same directory as the installer, the installer may load and execute that malicious DLL.
Exploiting this vulnerability requires tricking a user into downloading and placing a specially crafted malicious DLL file alongside the affected installer and then running the installer. If successful, the attacker can execute arbitrary code with the same privileges as the user running the installer.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can execute arbitrary code on your system with the privileges of the user running the installer. This can lead to complete compromise of the user's environment during the installation process.
However, the impact is limited to the installer phase only; already installed products are not affected by this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects specific installer files: Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, and CanonNWCamPluginForAdmin.exe, all version 1.0.0.0. Detection involves checking for the presence of these installer files in your system.
You can detect the vulnerability by verifying if these installer executables exist and if any suspicious DLL files are located in the same directories as these installers, as the vulnerability arises from insecure DLL loading from the installer's directory.
- On Windows, use the command to find the installer files: `dir /s Downloader5Installer.exe` `dir /s Downloader5InstallerForAdmin.exe` `dir /s CanonNWCamPlugin.exe` `dir /s CanonNWCamPluginForAdmin.exe`
- Check for any DLL files in the same directories as the installers: `dir /s *.dll` in the directories where the installers are found.
If you find any unexpected or suspicious DLL files in the same directory as these installers, it may indicate an attempt to exploit this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to replace the affected installers with the latest versions provided by the developer, Japan Media Systems Corporation, which address this DLL loading vulnerability.
Additionally, avoid running the affected installers from directories that contain untrusted or unknown DLL files to prevent malicious DLL execution.
Ensure that users are aware not to place or run installers alongside untrusted DLL files, and consider running installers with the least privilege necessary.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows arbitrary code execution with the privileges of the user running the installer due to insecure DLL loading. This can lead to unauthorized access, modification, or destruction of sensitive data during the installation process.
Such unauthorized code execution and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring system integrity.
However, the impact is limited to the installer phase, and already installed products are not affected. Mitigation involves using the latest installers provided by the developer.