CVE-2025-43715
- EPSS 0.03%
- Veröffentlicht 17.04.2025 00:00:00
- Zuletzt bearbeitet 17.04.2025 20:21:48
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a cra...
CVE-2023-37378
- EPSS 0.27%
- Veröffentlicht 03.07.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:11:36
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
CVE-2015-9267
- EPSS 0.04%
- Veröffentlicht 01.10.2018 08:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:12
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse pro...
CVE-2015-9268
- EPSS 0.57%
- Veröffentlicht 01.10.2018 08:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:12
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.