[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

Nils Dagsson Moskopp nils at dieweltistgarnichtso.net
Tue Jul 18 19:45:20 UTC 2017

Quote <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421>:

> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
> when generating thumbnails for MSI files, aka the "Bad Taste"
> issue. There is a local attack if the victim uses the GNOME Files file
> manager, and navigates to a directory containing a .msi file with
> VBScript code in its filename.

Note that thumbnailer issues could be exploited via drive-by downloads
with any web browser that does not ask users if files should be saved.

Salvatore Bonaccorso <carnil at debian.org> writes:

> Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI files executes arbitrary VBScript
> Hi
> CVE-2017-11421 has been assigned for this issue.
> Regards,
> Salvatore

Nils Dagsson Moskopp // erlehmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-wine-party/attachments/20170718/534e9653/attachment.sig>

More information about the pkg-wine-party mailing list