| Description: | Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. It was discovered that NSIS incorrectly handled temporary folders. An attacker could possibly use this issue to execute arbitrary commands.
|