CVE-2026-32679
Received Received - Intake
Insecure DLL Loading in LiveOn Meet and Canon Camera Installers

Publication date: 2026-04-23

Last updated on: 2026-05-18

Assigner: JPCERT/CC

Description
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-23
Last Modified
2026-05-18
Generated
2026-06-16
AI Q&A
2026-04-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32679
EUVD
EUVD-2026-25138
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
liveon canonnwcamplugin.exe 1.0.0.0
liveon canonnwcampluginforadmin.exe 1.0.0.0
liveon downloader5installer.exe 1.0.0.0
liveon downloader5installerforadmin.exe 1.0.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the installers of LiveOn Meet Client for Windows and the Canon Network Camera Plugin provided by Japan Media Systems Corporation. The installers insecurely load Dynamic Link Libraries (DLLs), meaning if a malicious DLL is placed in the same directory as the installer, the installer may load and execute that malicious DLL.

Exploiting this vulnerability requires tricking a user into downloading and placing a specially crafted malicious DLL file alongside the affected installer and then running the installer. If successful, the attacker can execute arbitrary code with the same privileges as the user running the installer.

Impact Analysis

The impact of this vulnerability is that an attacker can execute arbitrary code on your system with the privileges of the user running the installer. This can lead to complete compromise of the user's environment during the installation process.

However, the impact is limited to the installer phase only; already installed products are not affected by this vulnerability.

Detection Guidance

This vulnerability affects specific installer files: Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, and CanonNWCamPluginForAdmin.exe, all version 1.0.0.0. Detection involves checking for the presence of these installer files in your system.

You can detect the vulnerability by verifying if these installer executables exist and if any suspicious DLL files are located in the same directories as these installers, as the vulnerability arises from insecure DLL loading from the installer's directory.

  • On Windows, use the command to find the installer files: `dir /s Downloader5Installer.exe` `dir /s Downloader5InstallerForAdmin.exe` `dir /s CanonNWCamPlugin.exe` `dir /s CanonNWCamPluginForAdmin.exe`
  • Check for any DLL files in the same directories as the installers: `dir /s *.dll` in the directories where the installers are found.

If you find any unexpected or suspicious DLL files in the same directory as these installers, it may indicate an attempt to exploit this vulnerability.

Mitigation Strategies

The recommended immediate mitigation is to replace the affected installers with the latest versions provided by the developer, Japan Media Systems Corporation, which address this DLL loading vulnerability.

Additionally, avoid running the affected installers from directories that contain untrusted or unknown DLL files to prevent malicious DLL execution.

Ensure that users are aware not to place or run installers alongside untrusted DLL files, and consider running installers with the least privilege necessary.

Compliance Impact

The vulnerability allows arbitrary code execution with the privileges of the user running the installer due to insecure DLL loading. This can lead to unauthorized access, modification, or destruction of sensitive data during the installation process.

Such unauthorized code execution and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring system integrity.

However, the impact is limited to the installer phase, and already installed products are not affected. Mitigation involves using the latest installers provided by the developer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32679. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart