Quote <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421>:
> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection > when generating thumbnails for MSI files, aka the "Bad Taste" > issue. There is a local attack if the victim uses the GNOME Files file > manager, and navigates to a directory containing a .msi file with > VBScript code in its filename. Note that thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved. Salvatore Bonaccorso <car...@debian.org> writes: > Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail > generation for MSI files executes arbitrary VBScript > > Hi > > CVE-2017-11421 has been assigned for this issue. > > Regards, > Salvatore -- Nils Dagsson Moskopp // erlehmann <http://dieweltistgarnichtso.net>
signature.asc
Description: PGP signature
