CVE-2015-9267

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System (NSIS) versions prior to 2.49

Description The issue allows unprivileged local users to overwrite files due to the use of temporary folder locations. This can lead to a local attack where a plugin or the uninstaller can be replaced by a Trojan horse program.

Recommendations For versions prior to 2.49, update to version 2.49 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary folder locations used by NSIS to minimize the risk of exploitation.