PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-32679 Japan Media Systems Corporation CVE debrief

CVE-2026-32679 is a high-severity vulnerability (CVSS 8.4) affecting LiveOn Meet Client and Canon Network Camera Plugin installers for Windows. The affected executables—Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, and CanonNWCamPluginForAdmin.exe—exhibit insecure DLL loading behavior. When these installers execute, they search for and load Dynamic Link Libraries from the current working directory without proper validation. An attacker who can place a malicious DLL in the same directory as the installer may achieve arbitrary code execution with the privileges of the user running the installer. This vulnerability was published on April 23, 2026, and last modified on May 18, 2026. The issue is classified under CWE-427 (Uncontrolled Search Path Element). No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor
Japan Media Systems Corporation
Product
Downloader5Installer.exe
CVSS
HIGH 8.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-23
Original CVE updated
2026-05-18
Advisory published
2026-04-23
Advisory updated
2026-05-18

Who should care

Windows system administrators managing LiveOn Meet Client or Canon Network Camera Plugin deployments, security teams responsible for endpoint protection, and organizations with users who may download and execute software installers from untrusted locations.

Technical summary

The affected Windows installers use unsafe DLL search path resolution, loading libraries from the application directory without verifying authenticity. When a user executes the installer from a directory where an attacker has placed a malicious DLL (e.g., a shared download folder or removable media), the installer loads and executes the attacker's code. The vulnerability requires local access or social engineering to place the malicious DLL, but requires no privileges to trigger. Impact is high across confidentiality, integrity, and availability dimensions per CVSS 4.0 scoring.

Defensive priority

HIGH

Recommended defensive actions

  • Verify whether Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, or CanonNWCamPluginForAdmin.exe version 1.0.0.0 are present in your environment
  • Obtain updated installer versions from LiveOn that address the insecure DLL loading behavior
  • If updated installers are unavailable, ensure installers are only executed from protected directories with restricted write permissions
  • Implement application control policies to block execution of installers from user-writable directories
  • Monitor for suspicious DLL files placed in directories containing LiveOn installer executables
  • Review endpoint detection and response (EDR) alerts for anomalous DLL loading events involving these installer processes

Evidence notes

The vulnerability description and affected product versions are sourced from NVD CPE data and JPCERT/CC advisory. CVSS 4.0 vector confirms local attack vector with high impact to confidentiality, integrity, and availability. The CWE-427 classification indicates uncontrolled search path element vulnerability.

Official resources

The vulnerability was disclosed through coordinated disclosure via JPCERT/CC and published in the NVD on April 23, 2026. LiveOn published a vendor advisory in April 2026 addressing the issue.