Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage

Description The NSIS uninstaller package did not enforce appropriate permissions on the temporary directory used during the uninstall process. Furthermore, it did not ensure that the temporary directory was removed before running executable content from it. This could potentially result in privilege escalation under certain scenarios. Impact A low-privileged, local attacker could exploit this vulnerability […]

advisory directory escalation impact insecure installer package permissions privilege privilege escalation process result running system technical technical advisories under vulnerability