[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript
Nils Dagsson Moskopp
nils at dieweltistgarnichtso.net
Tue Jul 18 19:45:20 UTC 2017
Quote <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421>:
> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
> when generating thumbnails for MSI files, aka the "Bad Taste"
> issue. There is a local attack if the victim uses the GNOME Files file
> manager, and navigates to a directory containing a .msi file with
> VBScript code in its filename.
Note that thumbnailer issues could be exploited via drive-by downloads
with any web browser that does not ask users if files should be saved.
Salvatore Bonaccorso <carnil at debian.org> writes:
> Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI files executes arbitrary VBScript
>
> Hi
>
> CVE-2017-11421 has been assigned for this issue.
>
> Regards,
> Salvatore
--
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wine-party/attachments/20170718/534e9653/attachment.sig>
More information about the pkg-wine-party
mailing list