Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
5.5CVSS
6AI Score
0.001EPSS
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
7.8CVSS
7.4AI Score
0.002EPSS
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
5.3CVSS
5.1AI Score
0.001EPSS