[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript
Nils Dagsson Moskopp
nils at dieweltistgarnichtso.net
Tue Jul 18 19:45:20 UTC 2017
> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
> when generating thumbnails for MSI files, aka the "Bad Taste"
> issue. There is a local attack if the victim uses the GNOME Files file
> manager, and navigates to a directory containing a .msi file with
> VBScript code in its filename.
Note that thumbnailer issues could be exploited via drive-by downloads
with any web browser that does not ask users if files should be saved.
Salvatore Bonaccorso <carnil at debian.org> writes:
> Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI files executes arbitrary VBScript
> CVE-2017-11421 has been assigned for this issue.
Nils Dagsson Moskopp // erlehmann
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 194 bytes
Desc: not available
More information about the pkg-wine-party