Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 19 Jul 2017 11:06:51 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: gnome-exe-thumbnailer: CVE-2017-11421: VBScript script injection
 when generating thumbnails for MSI files


MITRE has assigned CVE-2017-11421 for the following issue in
gnome-exe-thumbnailer, a Wine .exe and other executable thumbnailer
for GNOME:

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
when generating thumbnails for MSI files. There is a local attack if
the victim uses the GNOME Files file manager, and navigates to a
directory containing a .msi file with VBScript code in its filename.

Upstream fix:



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.