Plan-S

**Name of the Vulnerable Software and Affected Versions** Sejoong Namo ActiveSquare6 version 3.0.0.1 **Description** The issue is related to a buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control, which is part of the NamoInstaller.dll. This buffer overflow can be triggered by passing a long argument to the `Install` method, allowing remote attackers to execute arbitrary code. **Recommendations** For version 3.0.0.1, consider disabling the `Install` method in the NamoInstaller.NamoInstall.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the NamoInstaller.dll to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sejoong Namo ActiveSquare 6 versions 3.0.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a URL in the argument to the `Install()` method of the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll. **Recommendations** For versions 3.0.0.1 and earlier, consider disabling the `Install()` method of the NamoInstaller.NamoInstall.1 ActiveX control until a patch is available.