Hi @ll, several McAfee "security" products, most notably their Security Scan Plus (see <http://seclists.org/fulldisclosure/2014/Apr/226> for a previous advisory) which Adobe pushes to unsuspecting users of Adobe Reader and Flash Player, are offered as executable installers built with the vulnerable Nullsoft Scriptable Install System (NSIS) (see <http://seclists.org/fulldisclosure/2015/Dec/32> for details). These executable installers are vulnerable and allow arbitrary (remote) code execution and escalation of privilege via the well- known attacks already published in the advisory regarding NSIS and the advisory <http://seclists.org/fulldisclosure/2015/Nov/101> titled Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers For details specific to Intel's/McAfee's products and their vulnerabilities see Intel's Security Bulletin published today: <https://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102462> stay tuned Stefan Kanthak
