CVE-2015-0941

Description

The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files.

PUBLISHED Reserved 2015-01-10 | Published 2015-03-22 | Updated 2024-08-06 | Assigner certcc

References

www.kb.cert.org/vuls/id/894897 (VU#894897) third-party-advisory

www.kb.cert.org/vuls/id/894897 (VU#894897) third-party-advisory

cve.org (CVE-2015-0941)

nvd.nist.gov (CVE-2015-0941)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.