Nullsoft: >> Nullsoft Scriptable Install System >> 2.09 Security Vulnerabilities
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-07-03
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-10-01
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
CVSS Score
7.8
EPSS Score
0.006
Published
2018-10-01