CVE-2008-0551
published 2008-02-01CVE-2008-0551: The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
29.75%
98.0th percentile
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sejoong_namo | activesquare | — | — |
| sejoong_namo | namoinstall.1_activex_control | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor ActiveX instantiation of the ProgID 'NamoInstaller.NamoInstall.1' — exploitation occurs via a long argument passed to its Install() method, which triggers a buffer overflow ↗
- →The exploit delivers a remote executable via the Install() method argument (URL pointing to attacker-controlled .EXE); monitor for browser-spawned processes fetching executables via this ActiveX control ↗
- ·The NVD source (DOC 1) describes CVE-2008-0634, which is explicitly noted as a *different* vulnerability than CVE-2008-0551; the exploit-db entry (DOC 2) covers the same NamoInstaller.dll Install() method but may overlap both CVEs — treat extracted indicators as potentially applicable to both CVE-2008-0551 and CVE-2008-0634 ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c8w7-2m57-pv7f: Buffer overflow in the NamoInstaller
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0634 [CRITICAL] CWE-119 GHSA-c8w7-2m57-pv7f: Buffer overflow in the NamoInstaller
Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551.
GHSA
GHSA-ch62-xvfr-2jjq: The NamoInstaller
ghsa_unreviewed·2022-05-01
CVE-2008-0551 [HIGH] CWE-94 GHSA-ch62-xvfr-2jjq: The NamoInstaller
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/28649http://www.securityfocus.com/bid/27453http://www.securityfocus.com/bid/27580http://www.vupen.com/english/advisories/2008/0299https://exchange.xforce.ibmcloud.com/vulnerabilities/39943https://exchange.xforce.ibmcloud.com/vulnerabilities/39974https://www.exploit-db.com/exploits/4986http://secunia.com/advisories/28649http://www.securityfocus.com/bid/27453http://www.securityfocus.com/bid/27580http://www.vupen.com/english/advisories/2008/0299https://exchange.xforce.ibmcloud.com/vulnerabilities/39943https://exchange.xforce.ibmcloud.com/vulnerabilities/39974https://www.exploit-db.com/exploits/4986
2008-02-01
Published