Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by liveon

CVE-2026-32679 (GCVE-0-2026-32679)

Vulnerability from cvelistv5 – Published: 2026-04-23 00:02 – Updated: 2026-04-23 16:23

Summary

The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer.

Severity

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

jpcert

References

2 references

URL	Tags
https://web.liveon.ne.jp/wp-content/uploads/2026/…
https://jvn.jp/en/jp/JVN45563482/

Impacted products

4 products

Vendor	Product	Version
Japan Media Systems Corporation	Downloader5Installer.exe	Affected: Ver.1.0.0.0
Japan Media Systems Corporation	Downloader5InstallerForAdmin.exe	Affected: Ver.1.0.0.0
Japan Media Systems Corporation	CanonNWCamPlugin.exe	Affected: Ver.1.0.0.0
Japan Media Systems Corporation	CanonNWCamPluginForAdmin.exe	Affected: Ver.1.0.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T14:15:21.072117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T16:23:44.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Downloader5Installer.exe",
          "vendor": "Japan Media Systems Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.0.0.0"
            }
          ]
        },
        {
          "product": "Downloader5InstallerForAdmin.exe",
          "vendor": "Japan Media Systems Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.0.0.0"
            }
          ]
        },
        {
          "product": "CanonNWCamPlugin.exe",
          "vendor": "Japan Media Systems Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.0.0.0"
            }
          ]
        },
        {
          "product": "CanonNWCamPluginForAdmin.exe",
          "vendor": "Japan Media Systems Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.0.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path Element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T00:02:05.301Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN45563482/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-32679",
    "datePublished": "2026-04-23T00:02:05.301Z",
    "dateReserved": "2026-04-20T02:53:09.291Z",
    "dateUpdated": "2026-04-23T16:23:44.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}