{"id":"CVE-2015-9267","details":"Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.","modified":"2026-04-10T03:46:36.501816Z","published":"2018-10-01T08:29:00Z","references":[{"type":"ADVISORY","url":"http://jvn.jp/en/jp/JVN68418039/index.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"},{"type":"ADVISORY","url":"https://sourceforge.net/p/nsis/bugs/1125/"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"},{"type":"EVIDENCE","url":"https://sourceforge.net/p/nsis/bugs/1125/"},{"type":"FIX","url":"https://sourceforge.net/p/nsis/bugs/1125/"},{"type":"REPORT","url":"https://sourceforge.net/p/nsis/bugs/1125/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}