Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN68418039/index.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html | Mailing List Third Party Advisory |
https://sourceforge.net/p/nsis/bugs/1125/ | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
15 Mar 2021, 22:28
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html - Mailing List, Third Party Advisory | |
References | (MISC) https://sourceforge.net/p/nsis/bugs/1125/ - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (JVN) http://jvn.jp/en/jp/JVN68418039/index.html - Third Party Advisory |
05 Mar 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-10-01 08:29
Updated : 2023-12-10 12:44
NVD link : CVE-2015-9268
Mitre link : CVE-2015-9268
CVE.ORG link : CVE-2015-9268
JSON object : View
Products Affected
debian
- debian_linux
nullsoft
- nullsoft_scriptable_install_system
CWE
CWE-20
Improper Input Validation