Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer.
AnalysisAI
DLL hijacking in LiveOn Meet Client and Canon Network Camera Plugin installers allows local attackers to execute arbitrary code with installer privileges when users run vulnerable installer executables from directories containing malicious DLLs. The flaw affects four installer executables (Downloader5Installer.exe, Downloader5InstallerForAdmin.exe, CanonNWCamPlugin.exe, CanonNWCamPluginForAdmin.exe) version 1.0.0.0. No public exploit identified at time of analysis, though the attack technique is well-documented. CVSS 8.4 (High) reflects significant impact contingent on user interaction and attacker's ability to place malicious files in the installer directory before execution - real-world risk depends heavily on organizational download practices and endpoint controls preventing untrusted DLL placement.
Technical ContextAI
This vulnerability exploits CWE-427 (Uncontrolled Search Path Element), a class of Windows DLL loading flaws where applications search for required libraries in predictable locations before system directories. The affected installers for LiveOn Meet Client (a web conferencing product by Japan Media Systems Corporation) and Canon Network Camera Plugin fail to use secure DLL loading techniques such as absolute paths or SetDllDirectory hardening. When these installers execute, Windows DLL search order checks the current working directory first, allowing an attacker who controls that location to inject malicious code. The CVSS 4.0 vector (AV:L/AC:L/PR:N/UI:A) indicates local attack vector with low complexity but required user interaction - the victim must download or copy the installer to an attacker-controlled directory and then execute it. The privilege escalation potential depends on whether users run the standard or ForAdmin variants, with ForAdmin installers potentially executing malicious DLLs with elevated privileges if launched via UAC elevation.
RemediationAI
Obtain updated installers from Japan Media Systems Corporation's official advisory at https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf (vendor patch status not confirmed in provided data - check advisory for fix versions newer than 1.0.0.0). Until patched installers are available, implement the following compensating controls: First, centralize installer distribution through trusted internal repositories rather than allowing users to download from arbitrary locations, reducing DLL placement opportunities. Second, enforce application whitelisting policies that prevent execution of unsigned or unexpected DLLs from user-writable directories during installation processes. Third, configure group policy to block DLL loading from WebDAV, UNC paths, and user download folders for installer executables. Fourth, train users to extract installers only to protected system directories (e.g., C:\Windows\Temp with restricted ACLs) before execution, though this introduces usability friction. For enterprise deployments, repackage installers using secure deployment tools like Microsoft Intune or SCCM that execute from controlled directories. Note that simply running installers 'as administrator' does NOT mitigate the vulnerability - it may actually increase impact by executing malicious DLLs with elevated privileges. Verify installer authenticity through digital signatures before execution in all scenarios.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25138
GHSA-x3jw-9xf9-4hv3