Vulnerability Details CVE-2015-9267
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 3.6
References
- http://jvn.jp/en/jp/JVN68418039/index.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
- https://sourceforge.net/p/nsis/bugs/1125/
- http://jvn.jp/en/jp/JVN68418039/index.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
- https://sourceforge.net/p/nsis/bugs/1125/
Products affected by CVE-2015-9267
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.0
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.01
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.02
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.03
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.04
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.05
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.06
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.07
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.08
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.09
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.10
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.11
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.12
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.13
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.14
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.15
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.16
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.17
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.18
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.19
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.20
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.21
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.22
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.23
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.24
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.25
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.26
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.27
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.28
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.29
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.30
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.31
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.32
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.33
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.34
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.35
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.36
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.37
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.38
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.39
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.40
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.41
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.42
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.43
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.44
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.45
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.46
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.47
-
cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:2.48
-
cpe:2.3:o:debian:debian_linux:8.0