Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
nullsoft_scriptable_install_system | lt | 2.49 |