| Description: | Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. It was discovered that NSIS incorrectly handled temporary folders. An attacker could possibly use this issue to execute arbitrary commands.
|