{"vuid":"VU#894897","idnumber":"894897","name":"NSIS Inetc plug-in fails to validate SSL certificates","keywords":["Nullsoft Installer","HTTPS","evilgrade","MiTM proxy"],"overview":"The Intetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing.","clean_desc":"Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports the ability to download files using the HTTPS protocol, it does not validate SSL certificate chains.","impact":"An attacker can spoof content retrieved using HTTPS. Depending on what the installer does with content retrieved over HTTPS, the impact can be as severe as arbitrary code execution with elevated privileges.","resolution":"Apply an update This issue is resolved in Inetc builds starting September 6, 2015. This version no longer passes any SECURITY_FLAG_IGNORE_* flags to WinINet by default.","workarounds":"Only install software while connected to a trusted network Because the Inetc plugin does not validate SSL certificates, any software installers that are NSIS-based should not be used while connected to a network that is either inherently untrusted, or one that has untrusted users on it.","sysaffected":"","thanks":"This vulnerability was reported by Will Dormann of the CERT/CC.","author":"This document was written by Will Dormann.","public":["http://nsis.sourceforge.net","http://nsis.sourceforge.net/Inetc_plug-in","https://sourceforge.net/p/nsis/bugs/1022/","http://forums.winamp.com/showthread.php?p=3018645#post3018645"],"cveids":["CVE-2015-0941"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-01-31T21:18:02Z","publicdate":"2011-01-31T00:00:00Z","datefirstpublished":"2015-03-20T17:32:07Z","dateupdated":"2015-09-08T15:54:40Z","revision":27,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.3","cvss_basevector":"AV:A/AC:M/Au:N/C:C/I:C/A:--","cvss_temporalscore":"7.3","cvss_environmentalscore":"7.34213058432","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}