go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

【TVN201902131351336Iu】A DLL Hijacking vulnerability exists in Nullsoft Scriptable Install System (NSIS) before 2.49, effect all installers that created by NSIS.

Date:
Font-stze:
  • Department:TWCERT/CC
  • Update:2019-04-15
  • Count Views:120
A DLL Hijacking vulnerability exists in Nullsoft Scriptable Install System (NSIS) before 2.49, effect all installers that created by NSIS.
Content A DLL Hijacking vulnerability exists in Nullsoft Scriptable Install System (NSIS) before 2.49, effect all installers that created by NSIS.
Report Date 2019-02-14
Incident Date 2019-02-12
Influence Products

All installers created by NSIS 2.49 and before.

Known affected products:

TaishinBank.exe before 2.0.48

TaishinBankChromeEdge.exe before 2.0.48

Describe There is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
CVE ID CVE-2015-9268
Solution
  1. Only download application from official web site.
  2. If you use NSIS to create your own installer, please check version of NSIS and, if it is necessary, create a new installer.
Report Person Honc (章哲瑜)

 

Top