PT-2023-4535 · Nullsoft · Nullsoft Scriptable Install System

Sredna

Publicado

2023-07-03

Atualizado

2026-04-09

CVE-2023-37378

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System (NSIS) versions prior to 3.09

Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges. This is due to the mishandling of access control for an uninstaller directory.

Recommendations For versions prior to 3.09, update to version 3.09 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstaller directory to minimize the risk of exploitation.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2023-04940

CVE-2023-37378

DLA-3483-1

DLA-3874-1

MGASA-2023-0236

Produtos afetados

Nullsoft Scriptable Install System

PT-2023-4535 · Nullsoft · Nullsoft Scriptable Install System

CVE-2023-37378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30