CVE-2015-9268

CVE-2015-9268 affects Nullsoft Scriptable Install System (NSIS) prior to 2.49, which has unsafe implicit linking against Version.dll. The description in the CVE notes that there is no protection mechanism to resolve the dependency at runtime, indicating a potential for misuse during installation ...

CVE-2023-37378

CVE-2023-37378 concerns Nullsoft Scriptable Install System (NSIS) prior to 3.09, where an uninstaller directory’s access control is mishandled. This could enable an attacker with local access to abuse the uninstaller folder if NSIS is used on a system, potentially permitting escalation of privile...

CVE-2015-9267

CVE-2015-9267 affects NSIS (Nullsoft Scriptable Install System) before 2.49. The vulnerability arises from the use of temporary folder locations, enabling unprivileged local users to overwrite files, which can allow replacing either an installer plugin or the uninstaller with a trojan. In practic...

CVE-2026-42171

NSIS 3.06.1 before 3.12 is affected: it may use the Low IL temp directory when running as SYSTEM, enabling local privilege escalation if my_GetTempFileName returns 0. Root cause is in the temp file handling, with a potential path-based abuse. Impact is local elevation of privileges with HIGH conf...