Search
Find a vulnerability
Search criteria
3 vulnerabilities by Japan Media Systems Corporation
CVE-2026-32679 (GCVE-0-2026-32679)
Vulnerability from nvd – Published: 2026-04-23 00:02 – Updated: 2026-04-23 16:23
VLAI
EPSS
VEX
Summary
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Japan Media Systems Corporation | Downloader5Installer.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | Downloader5InstallerForAdmin.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | CanonNWCamPlugin.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | CanonNWCamPluginForAdmin.exe |
Affected:
Ver.1.0.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:15:21.072117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:23:44.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Downloader5Installer.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "Downloader5InstallerForAdmin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "CanonNWCamPlugin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "CanonNWCamPluginForAdmin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T00:02:05.301Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN45563482/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32679",
"datePublished": "2026-04-23T00:02:05.301Z",
"dateReserved": "2026-04-20T02:53:09.291Z",
"dateUpdated": "2026-04-23T16:23:44.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32679 (GCVE-0-2026-32679)
Vulnerability from cvelistv5 – Published: 2026-04-23 00:02 – Updated: 2026-04-23 16:23
VLAI
EPSS
VEX
Summary
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Japan Media Systems Corporation | Downloader5Installer.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | Downloader5InstallerForAdmin.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | CanonNWCamPlugin.exe |
Affected:
Ver.1.0.0.0
|
|
| Japan Media Systems Corporation | CanonNWCamPluginForAdmin.exe |
Affected:
Ver.1.0.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:15:21.072117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:23:44.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Downloader5Installer.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "Downloader5InstallerForAdmin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "CanonNWCamPlugin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
},
{
"product": "CanonNWCamPluginForAdmin.exe",
"vendor": "Japan Media Systems Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T00:02:05.301Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN45563482/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32679",
"datePublished": "2026-04-23T00:02:05.301Z",
"dateReserved": "2026-04-20T02:53:09.291Z",
"dateUpdated": "2026-04-23T16:23:44.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2026-000061
Vulnerability from jvndb - Published: 2026-04-22 15:45 - Updated:2026-04-22 15:45
Severity
Summary
Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries
Details
LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427) - CVE-2026-32679
- This vulnerability may be exploited by directing a user to download and place a specially crafted DLL file with the affected installer and to execute the installer.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000061.html",
"dc:date": "2026-04-22T15:45+09:00",
"dcterms:issued": "2026-04-22T15:45+09:00",
"dcterms:modified": "2026-04-22T15:45+09:00",
"description": "LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries.\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-32679\u003c/li\u003e\u003cli\u003eThis vulnerability may be exploited by directing a user to download and place a specially crafted DLL file with the affected installer and to execute the installer.\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000061.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:japan_media_systems_corporation_liveon_meet_client_installer_for_windows_pc",
"@product": "the installer of LiveOn Meet Client for Windows",
"@vendor": "Japan Media Systems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:japan_media_systems_corporation_plugin_installer_for_canon_network_cameras",
"@product": "the installer of Canon Network Camera Plugin",
"@vendor": "Japan Media Systems Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000061",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45563482/index.html",
"@id": "JVN#45563482",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32679",
"@id": "CVE-2026-32679",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries"
}