Quoting Joachim Fahrner ([email protected]): > Another nice bug in Gnome: > http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
I feel almost dirty making excuses for GNOME ;-> , but this bug in /usr/bin/gnome-exe-thumbnailer appears to be exploitable only if WINE is installed and findable by that GNOME utility. The thumbnailer invokes WINE's cscript.exe, which appears to be a Windows Scripting Host command interpreter -- and thus run VBScript. OTOH, clearly the parser code in /usr/bin/gnome-exe-thumbnailer is rubbish, as it shouldn't be possible to fool it into processing embedded VBSCript in a filename. -- Cheers, 299792458 meters per second. Not Rick Moen just a good idea. It's the law. [email protected] McQ! (4x80 _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
