Powerprove

**Name of the Vulnerable Software and Affected Versions** NAVER Toolbar versions prior to 4.0.30.323 **Description** The issue allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in the `filename` parameter can bypass the code signing check function. **Recommendations** For versions prior to 4.0.30.323, update to version 4.0.30.323 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `filename` parameter in the upgrade.xml file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Naver Vaccine version 2.1.4 **Description** The issue allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive. This is due to a problem in the nsGreen.dll component. **Recommendations** For Naver Vaccine version 2.1.4, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the nsGreen.dll component to minimize the risk of exploitation.