From 889efad2e80511a5783882728640dec6ce35ce15 Mon Sep 17 00:00:00 2001
From: Maverick Doan <144667093+sharkysondoan@users.noreply.github.com>
Date: Thu, 3 Jul 2025 22:53:31 +1000
Subject: [PATCH] Fix uninstaller security issue (CVE-2025-49144) Fix #16787, close #16788
---
 PowerEditor/installer/nsisInclude/uninstall.nsh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/PowerEditor/installer/nsisInclude/uninstall.nsh b/PowerEditor/installer/nsisInclude/uninstall.nsh
index ee1f5dc72..1977d303c 100644
--- a/PowerEditor/installer/nsisInclude/uninstall.nsh
+++ b/PowerEditor/installer/nsisInclude/uninstall.nsh
@@ -55,12 +55,12 @@ FunctionEnd
 Section un.explorerContextMenu
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_01.dll"'
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_02.dll"'
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_03.dll"'
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_04.dll"'
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_05.dll"'
- ExecWait 'regsvr32 /u /s "$INSTDIR\NppShell_06.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_01.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_02.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_03.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_04.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_05.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\NppShell_06.dll"'
 Delete "$INSTDIR\NppShell_01.dll"
 Delete "$INSTDIR\NppShell_02.dll"
 Delete "$INSTDIR\NppShell_03.dll"
@@ -68,7 +68,7 @@ Section un.explorerContextMenu
 Delete "$INSTDIR\NppShell_05.dll"
 Delete "$INSTDIR\NppShell_06.dll"
- ExecWait 'regsvr32 /u /s "$INSTDIR\contextmenu\NppShell.dll"'
+ ExecWait '"$winSysDir\regsvr32.exe" /u /s "$INSTDIR\contextmenu\NppShell.dll"'
 SectionEnd
 Section un.UnregisterFileExt
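Review bot: `$winSysDir` is neither declared nor assigned anywhere in this patch, and it is not one of NSIS's built-in constants (`$SYSDIR`, `$WINDIR`), so the fix in `un.explorerContextMenu` only holds if the uninstaller itself sets the variable before these sections run. NSIS user variables start out empty in the uninstaller process and values assigned in the installer's `.onInit` do not carry over; with an empty value the command becomes `"\regsvr32.exe"`, which would be resolved against the root of the current drive rather than the system directory. Please confirm the assignment is made in `un.onInit` (or an equivalent uninstaller-side function), and consider a comment above the first call such as `; Absolute path on purpose: a bare "regsvr32" is resolved through the search path and may pick up a planted binary (CVE-2025-49144)`. The same applies to the `regsvr32.exe` call in the `@@ -68,7` hunk and the `rundll32.exe` call in the `@@ -295,7` hunk.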
@@ -295,7 +295,7 @@ Section Uninstall
 ; In order to not delete context menu binary before we unregistered it,
 ; we delete them at the end, using the CleanupDll function, since it can be locked by explorer.
 IfFileExists "$INSTDIR\contextmenu\NppShell.dll" 0 +2
- ExecWait 'rundll32.exe "$INSTDIR\contextmenu\NppShell.dll",CleanupDll'
+ ExecWait '"$winSysDir\rundll32.exe" "$INSTDIR\contextmenu\NppShell.dll",CleanupDll'
 Delete "$INSTDIR\contextmenu\NppShell.msix"