Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN68418039/index.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html | Mailing List Third Party Advisory |
https://sourceforge.net/p/nsis/bugs/1125/ | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
15 Mar 2021, 22:29
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html - Mailing List, Third Party Advisory | |
References | (MISC) https://sourceforge.net/p/nsis/bugs/1125/ - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (JVN) http://jvn.jp/en/jp/JVN68418039/index.html - Third Party Advisory |
05 Mar 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-10-01 08:29
Updated : 2023-12-10 12:44
NVD link : CVE-2015-9267
Mitre link : CVE-2015-9267
CVE.ORG link : CVE-2015-9267
JSON object : View
Products Affected
debian
- debian_linux
nullsoft
- nullsoft_scriptable_install_system
CWE
CWE-269
Improper Privilege Management