
Ameenbasha111

#38082 of 53,639
7.3 Total CVSS
Vulnerabilities · 1
PT-2021-21739
7.3
2021-08-18
Nextcloud · Nextcloud Desktop Client · CVE-2021-37617
**Name of the Vulnerable Software and Affected Versions**

Nextcloud Desktop Client versions 3.0.3 through 3.2.4

**Description**

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Client invokes its uninstaller script when being installed to ensure no remnants of previous installations exist. In the affected versions, the Client searches for the `Uninstall.exe` file in a folder that can be written by regular users. This could allow a malicious user to create a malicious `Uninstall.exe`, which would be executed with administrative privileges during the Nextcloud Desktop Client installation.

**Recommendations**

For Nextcloud Desktop Client versions 3.0.3 through 3.2.4, update to version 3.3.0 to resolve the issue. As a temporary workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
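
The two workaround checks above can be run as a read-only PowerShell audit before installing or upgrading the client. This is an added example, not code from Nextcloud or from the advisory; the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example: read-only audit of the workaround conditions for CVE-2021-37617.
$root   = 'C:\'
$target = 'C:\Uninstall.exe'

# Check 1: is there an Uninstall.exe in the drive root, and who put it there?
if (Test-Path -LiteralPath $target -PathType Leaf) {
    $item = Get-Item -LiteralPath $target -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $target
    [pscustomobject]@{
        Path       = $item.FullName
        Owner      = (Get-Acl -LiteralPath $target).Owner
        CreatedUtc = $item.CreationTimeUtc
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        SHA256     = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    } | Format-List
} else {
    "OK: $target does not exist."
}

# Check 2: which principals outside the trusted set may create files in C:\ ?
# FILE_ADD_FILE (0x2) is the right that matters; generic write/all imply it.
$FILE_ADD_FILE = 0x2
$GENERIC_WRITE = 0x40000000
$GENERIC_ALL   = 0x10000000
$mask = $FILE_ADD_FILE -bor $GENERIC_WRITE -bor $GENERIC_ALL

# Assumption: only these principals are trusted to write to the drive root.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$risky = (Get-Acl -LiteralPath $root).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        # Inherit-only ACEs apply to children, not to C:\ itself.
        -not ($_.PropagationFlags -band $inheritOnly) -and
        ([int]$_.FileSystemRights -band $mask) -and
        $_.IdentityReference.Value -notin $trusted
    }

if ($risky) {
    'WARNING: these principals can create files in C:\ :'
    $risky | Select-Object IdentityReference, FileSystemRights, IsInherited | Format-Table
} else {
    'OK: no untrusted principal has file-create rights on C:\ .'
}
```

The ACL check reads Allow entries only, so a matching Deny entry is not taken into account and a warning should be confirmed with `icacls C:\`.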