
JVNDB-2026-000061

Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries

Overview

LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries.
  • Uncontrolled search path element (CWE-427) - CVE-2026-32679
  • This vulnerability may be exploited by directing a user to download a specially crafted DLL file, place it alongside the affected installer, and execute the installer.
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS v3 Severity:
Base Metrics: 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity:
Base Metrics: 8.4 (High) [IPA Score]
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): None
  • User Interaction (UI): Active
  • Vulnerable System Impact
      • Confidentiality Impact (VC): High
      • Integrity Impact (VI): High
      • Availability Impact (VA): High
  • Subsequent System Impact
      • Confidentiality Impact (SC): None
      • Integrity Impact (SI): None
      • Availability Impact (SA): None
Affected Products


Japan Media Systems Corporation
  • the installer of LiveOn Meet Client for Windows Downloader5Installer.exe Ver.1.0.0.0
  • the installer of LiveOn Meet Client for Windows Downloader5InstallerForAdmin.exe Ver.1.0.0.0
  • the installer of Canon Network Camera Plugin CanonNWCamPlugin.exe Ver.1.0.0.0
  • the installer of Canon Network Camera Plugin CanonNWCamPluginForAdmin.exe Ver.1.0.0.0

Impact

Arbitrary code may be executed with the privileges of the user invoking the installer.
Solution

[Use the latest installers]
Use the latest installers provided by the developer.

This vulnerability only affects the installers, and already installed products are not affected.
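
A pre-run check for the condition described in the Overview, as an added example that is not part of the advisory or the vendor's tooling: it walks a directory tree and reports any DLL files sitting in the same directory as one of the installer file names listed under Affected Products. It assumes the crafted DLL is placed in the installer's own directory, matches by file name only (it does not read the installer version), and uses a constructed sample tree with a made-up DLL name.

```python
import os
import tempfile

# Installer file names listed under "Affected Products" in this advisory.
AFFECTED_INSTALLERS = {
    "downloader5installer.exe",
    "downloader5installerforadmin.exe",
    "canonnwcamplugin.exe",
    "canonnwcampluginforadmin.exe",
}


def find_colocated_dlls(root):
    """For every directory under `root` that holds a listed installer,
    return {installer_path: [paths of DLLs in that same directory]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lower-cased.
        installers = [f for f in files if f.lower() in AFFECTED_INSTALLERS]
        if not installers:
            continue
        dlls = sorted(os.path.join(dirpath, f)
                      for f in files if f.lower().endswith(".dll"))
        for name in installers:
            findings[os.path.join(dirpath, name)] = dlls
    return findings


def demo():
    """Constructed sample tree: one installer beside a DLL, one on its own."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Downloads/Downloader5Installer.exe",
                    "Downloads/example.DLL",          # constructed file name
                    "staging/CanonNWCamPlugin.exe"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()

        def rel(p):  # normalise to forward slashes for stable output
            return os.path.relpath(p, root).replace(os.sep, "/")

        return {rel(k): [rel(d) for d in v]
                for k, v in find_colocated_dlls(root).items()}


if __name__ == "__main__":
    for installer, dlls in demo().items():
        note = "DLLs alongside installer" if dlls else "no DLLs alongside"
        print(f"{installer}: {note} {dlls}")
```

An installer reported with an empty list has no DLLs beside it; the file-name match says nothing about whether the installer itself is the fixed release.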
Vendor Information

Japan Media Systems Corporation
CWE

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2026-32679
References

  1. JVN : JVN#45563482
  2. JVN : JVNTA#91240916
Revision History

  • [2026/04/22]
      Web page was published