Nullsoft Scriptable Install System Security Vulnerabilities and Issues — Nullsoft Scriptable Install System CVE List

Lucene search

NullsoftNullsoft Scriptable Install System

4 matches found

CVE•added 2025/04/17 3:15 a.m.•60 views

CVE-2025-43715

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition....

8.1CVSS6.8AI score0.00028EPSS

CVE•added 2018/10/01 8:29 a.m.•55 views

CVE-2015-9268

Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

9.3CVSS7.4AI score0.00569EPSS

CVE•added 2018/10/01 8:29 a.m.•45 views

CVE-2015-9267

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

5.5CVSS6AI score0.00044EPSS

CVE•added 2023/07/03 8:15 p.m.•37 views

CVE-2023-37378

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

5.3CVSS5.1AI score0.00393EPSS