Handler on Duty: Jesse La Grew
Threat Level: green
| Published | 2026-04-24 22:16:01 |
|---|---|
| Last Modified | 2026-04-24 22:16:01 |
| AKA | CVE-2026-42171 |
| Summary | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references). |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |