gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.
References
| Link | Resource |
|---|---|
| http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html | Third Party Advisory |
| http://www.securityfocus.com/bid/99922 | |
| https://bugs.debian.org/868705 | Issue Tracking Third Party Advisory |
| https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 | Issue Tracking Patch Third Party Advisory |
| http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html | Third Party Advisory |
| http://www.securityfocus.com/bid/99922 | |
| https://bugs.debian.org/868705 | Issue Tracking Third Party Advisory |
| https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 | Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html - Third Party Advisory | |
| References | () http://www.securityfocus.com/bid/99922 - | |
| References | () https://bugs.debian.org/868705 - Issue Tracking, Third Party Advisory | |
| References | () https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2017-07-18 19:29
Updated : 2024-11-21 03:07
NVD link : CVE-2017-11421
Mitre link : CVE-2017-11421
CVE.ORG link : CVE-2017-11421
JSON object : View
Products Affected
gnome-exe-thumbnailer_project
- gnome-exe-thumbnailer
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')