Andre Heinecke

**Name of the Vulnerable Software and Affected Versions** Nullsoft Scriptable Install System (NSIS) versions prior to 2.49 **Description** The issue allows unprivileged local users to overwrite files due to the use of temporary folder locations. This can lead to a local attack where a plugin or the uninstaller can be replaced by a Trojan horse program. **Recommendations** For versions prior to 2.49, update to version 2.49 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary folder locations used by NSIS to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nullsoft Scriptable Install System (NSIS) versions prior to 2.49 **Description** The issue concerns unsafe implicit linking against Version.dll, meaning there is no protection mechanism to resolve the dependency at an appropriate time during runtime. This lack of a wrapper function to manage dependencies can lead to potential security issues. **Recommendations** For versions prior to 2.49, update to version 2.49 or later to resolve the issue.