[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

[Nils Dagsson Moskopp]

Quote :

> gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection
> when generating thumbnails for MSI files, aka the "Bad Taste"
> issue. There is a local attack if the victim uses the GNOME Files file
> manager, and navigates to a directory containing a .msi file with
> VBScript code in its filename.

Note that thumbnailer issues could be exploited via drive-by downloads
with any web browser that does not ask users if files should be saved.

Salvatore Bonaccorso  writes:

> Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail 
> generation for MSI files executes arbitrary VBScript
>  
> Hi
>
> CVE-2017-11421 has been assigned for this issue.
>
> Regards,
> Salvatore

-- 
Nils Dagsson Moskopp // erlehmann



signature.asc
Description: PGP signature
___
pkg-wine-party mailing list
pkg-wine-party@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wine-party

[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

[Salvatore Bonaccorso]

Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation 
for MSI files executes arbitrary VBScript
 
Hi

CVE-2017-11421 has been assigned for this issue.

Regards,
Salvatore

___
pkg-wine-party mailing list
pkg-wine-party@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wine-party