Quote <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421>:

> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
> when generating thumbnails for MSI files, aka the "Bad Taste"
> issue. There is a local attack if the victim uses the GNOME Files file
> manager, and navigates to a directory containing a .msi file with
> VBScript code in its filename.

Note that thumbnailer issues could be exploited via drive-by downloads
with any web browser that does not ask users if files should be saved.

Salvatore Bonaccorso <car...@debian.org> writes:

> Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail 
> generation for MSI files executes arbitrary VBScript
>  
> Hi
>
> CVE-2017-11421 has been assigned for this issue.
>
> Regards,
> Salvatore

-- 
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>

Attachment: signature.asc
Description: PGP signature

_______________________________________________
pkg-wine-party mailing list
pkg-wine-party@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wine-party

Reply via email to