Anders

2 exploits Active since Jul 2023

CVE-2026-42171 WRITEUP HIGH WRITEUP

Nullsoft Scriptable Install System <3.12 - Privilege Escalation

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

CVSS 7.8

View Code

CVE-2023-37378 WRITEUP MEDIUM WRITEUP

Nullsoft Scriptable Install System <3.09 - Privilege Escalation

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

CVSS 5.3

View Code