LiveOn Meet Client and Canon Network Camera Plugin Insecure DLL Loading Vulnerability

A vulnerability exists in the installers of LiveOn Meet Client for Windows and the Canon Network Camera Plugin, both version 1.0.0.0. These installers insecurely load Dynamic Link Libraries (DLLs), creating an opportunity for arbitrary code execution. If a malicious DLL is placed in the same directory as the installer, the installer may load the DLL and execute its code with the privileges of the user running the installer.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the user who invoked the installer.

Remediation

Users with the affected installers should delete the old version and download the latest version 2.0.0.0 from the LiveOn support download page. For the Canon Network Camera Plugin, version 2.0.0.0 is also available on the same download page.