"Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files

3 replies to this topic

#1 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,710 posts
  • Gender:Male
  • Location: Australia
  • Local time:03:18 PM

Posted 23 July 2017 - 05:21 PM

Article by Catalin Cimpanu

The vulnerability resides in gnome-exe-thumbnailer, a third-party thumbnailer used by GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.
Moskopp discovered that he could hide malicious VBScript inside names of MSI files. When the user accesses a folder on his computer where this malicious MSI file is saved, GNOME Files would automatically parse the file to extract an icon from its content and display it in the file explorer window.
The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and executes the code found within.
At the heart of this vulnerability are thumbnailer configuration files located in /usr/share/thumbnailers, which GNOME Files uses to parse files stored on a Linux computer to display icons or generate thumbnails.

Please discuss this subject in Catalin Cimpanu's post

Edited by NickAu, 23 July 2017 - 05:22 PM.
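
A defender-side check of the configuration described in the quoted article, added here as an example and not part of the original post or the article: it lists the thumbnailer entries under /usr/share/thumbnailers and flags those registered for Windows installer or executable MIME types. The `[Thumbnailer Entry]` keys (`Exec`, `MimeType`) follow the usual .thumbnailer file layout; the function names and the substring heuristic are assumptions of this example.

```python
import configparser
from pathlib import Path

# Directory named in the article; per-user thumbnailer directories are not covered.
THUMBNAILER_DIR = Path("/usr/share/thumbnailers")


def load_thumbnailers(directory=THUMBNAILER_DIR):
    """Parse every *.thumbnailer file; return one dict per file, sorted by name."""
    entries = []
    for path in sorted(Path(directory).glob("*.thumbnailer")):
        # interpolation=None: Exec lines carry %i/%o/%s/%u placeholders.
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # desktop-entry keys are case-sensitive
        try:
            cp.read(path, encoding="utf-8")
            section = cp["Thumbnailer Entry"]
        except (configparser.Error, KeyError, UnicodeDecodeError):
            # Unparseable file: report it rather than silently skipping it.
            entries.append({"file": path.name, "exec": None, "mime": [], "ok": False})
            continue
        mime = [m.strip() for m in section.get("MimeType", "").split(";") if m.strip()]
        entries.append({"file": path.name, "exec": section.get("Exec"),
                        "mime": mime, "ok": True})
    return entries


def handlers_by_mime(entries):
    """Invert the listing: MIME type -> thumbnailer files registered for it."""
    index = {}
    for e in entries:
        for m in e["mime"]:
            index.setdefault(m, []).append(e["file"])
    return index


def flag(entries, needles=("msi", "dos", "exe")):
    """Entries whose MIME list mentions Windows installer/executable types.
    The substrings are a heuristic chosen for this example, not a complete list."""
    return [e for e in entries
            if any(n in m.lower() for m in e["mime"] for n in needles)]


if __name__ == "__main__":
    for e in flag(load_thumbnailers()):
        print(f'{e["file"]}: Exec={e["exec"]!r} MimeType={";".join(e["mime"])}')
```

Each flagged entry shows which external program the file manager will run automatically for that file type, which is the list to review when deciding what to patch or remove.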



#2 rufwoof


  • Members
  • 136 posts
  • Local time:04:18 AM

Posted 24 July 2017 - 05:22 PM

Isn't Mate's Caja a fork of Nautilus ... perhaps that might also be vulnerable ???

OpenBSD (-current)

#3 The-Toolman


  • Members
  • 1,488 posts
  • Gender:Male
  • Local time:10:18 PM

Posted 24 July 2017 - 05:59 PM

I ran across these.








Edited by The-Toolman, 24 July 2017 - 07:05 PM.

I'm grumpy because I can be not because I'm old.


The world is what you make of it, if it doesn't fit, you make alterations.


Under certain circumstances, profanity provides a relief denied even to prayer.  (Mark Twain)

#4 mremski


  • Members
  • 498 posts
  • Gender:Male
  • Location:NH
  • Local time:12:18 AM

Posted 26 July 2017 - 02:51 AM

So if one doesn't use a file manager and just does various forms of "ls" in a terminal window, you're not affected unless you do a "file" command.

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
