MOABI : Continuous Software Improvement

CVE-2015-9267
Description	Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
Impact	CVSS v3 : 5.5 MEDIUM CVSS v2 : 3.6 LOW
Type	CWE-269
Attack Vector	CVSSv2 Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://jvn.jp/en/jp/JVN68418039/index.html https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html https://sourceforge.net/p/nsis/bugs/1125/