Nullsoft Scriptable Install System (NSIS) prior to 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nullsoft nullsoft scriptable install system |
||
debian debian linux 8.0 |