CVE-2015-9267

Published: Oct 1, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

Affected (2)

Products: Nullsoft: Nullsoft Scriptable Install System · Debian: Debian Linux

1 product

Nullsoft Scriptable Install System

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nullsoft Nullsoft Scriptable Install System	Before 2.49

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://jvn.jp/en/jp/JVN68418039/index.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://sourceforge.net/p/nsis/bugs/1125/

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

http://jvn.jp/en/jp/JVN68418039/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://sourceforge.net/p/nsis/bugs/1125/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.