CVE-2015-9267

Sažetak

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

Reference

http://jvn.jp/en/jp/JVN68418039/index.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html
https://sourceforge.net/p/nsis/bugs/1125/

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

15-03-2021 - 22:29

Objavljeno

01-10-2018 - 08:29