CVE-2008-0634 – Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0634
Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551. Desbordamiento de búfer en el control ActiveX NamoInstaller.NamoInstall.1 en NamoInstaller.dll 3.0.0.1, del modo que se usa en Sejoong Namo ActiveSquare6. Permite a atacantes remotos ejecutar código de su elección a través de un argumento largo al método Install, una vulnerabilidad distinta a CVE-2008-0551. • https://www.exploit-db.com/exploits/5045 http://secunia.com/advisories/28649 https://exchange.xforce.ibmcloud.com/vulnerabilities/40199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0551 – Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method
https://notcve.org/view.php?id=CVE-2008-0551
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. El control ActiveX NamoInstaller.NamoInstall.1 de NamoInstaller.dll 3.0.0.1 y anteriores en Namo Web Editor en Sejoong Namo ActiveSquare 6 permite a atacantes remotos ejecutar código de su elección a través de un URL en el argumento del método Install. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/4986 http://secunia.com/advisories/28649 http://www.securityfocus.com/bid/27453 http://www.securityfocus.com/bid/27580 http://www.vupen.com/english/advisories/2008/0299 https://exchange.xforce.ibmcloud.com/vulnerabilities/39943 https://exchange.xforce.ibmcloud.com/vulnerabilities/39974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •