Date: Wed, 19 Jul 2017 11:06:51 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: gnome-exe-thumbnailer: CVE-2017-11421: VBScript script injection when generating thumbnails for MSI files Hi MITRE has assigned CVE-2017-11421 for the following issue in gnome-exe-thumbnailer, a Wine .exe and other executable thumbnailer for GNOME: gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. Upstream fix: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 References: https://bugs.debian.org/868705 http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.