CVE-2015-9268

Published: Oct 1, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

Affected (2)

Products: Nullsoft: Nullsoft Scriptable Install System · Debian: Debian Linux

Nullsoft

1 product

Nullsoft Scriptable Install System

Debian

1 product

Debian Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nullsoft Nullsoft Scriptable Install System	Before 2.49

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://jvn.jp/en/jp/JVN68418039/index.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://sourceforge.net/p/nsis/bugs/1125/

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

http://jvn.jp/en/jp/JVN68418039/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://sourceforge.net/p/nsis/bugs/1125/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.