Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0941


Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0941
Last Modified 24 Mar 2015 12:11:18
Published 21 Mar 2015 09:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files.

Vulnerable Systems


  • Inetc Project Inetc


CERT-VN - VU#894897

Last Updated: 27 May 2016 11:08:12