CVE-2026-42171 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain…
High CVSS: 7.8

CVE-2026-42171

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Vendor
-
Product
-
CWE
CWE-427
Yayın Tarihi
2026-04-24 22:16:01
Güncelleme
2026-04-24 22:16:01
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-427 HIGH 2026

Referanslar

https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484 https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl