JVN#45563482
Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries

Overview

The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin provided by Japan Media Systems Corporation may insecurely load Dynamic Link Libraries.

Products Affected

• the installer of LiveOn Meet Client for Windows
  • Downloader5Installer.exe Ver.1.0.0.0
  • Downloader5InstallerForAdmin.exe Ver.1.0.0.0
• the installer of Canon Network Camera Plugin
  • CanonNWCamPlugin.exe Ver.1.0.0.0
  • CanonNWCamPluginForAdmin.exe Ver.1.0.0.0

Description

LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries.

• Uncontrolled search path element (CWE-427)
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
  • CVE-2026-32679
  • This vulnerability may be exploited by directing a user to download and place a specially crafted DLL file with the affected installer and to execute the installer.

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

Solution

Use the latest installers
Use the latest installers provided by the developer.

This vulnerability only affects the installers, and already installed products are not affected.