Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVE-2015-9267 (debian_linux, nullsoft_scriptable_install_system)
Leave a reply
