Jim Park

1 exploit Active since Apr 2026
CVE-2026-42171 WRITEUP HIGH WRITEUP
Nullsoft Scriptable Install System <3.12 - Privilege Escalation
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
CVSS 7.8