The vulnerability resides in gnome-exe-thumbnailer, a third-party thumbnailer used by GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.
Moskopp discovered that he could hide malicious VBScript inside names of MSI files. When the user accesses a folder on his computer where this malicious MSI file is saved, GNOME Files would automatically parse the file to extract an icon from its content and display it in the file explorer window.
The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and executes the code found within.
At the heart of this vulnerability are thumbnailer configuration files located in /usr/share/thumbnailers, which Gnome Files uses to parse files stored on a Linux computer to display icons or generate thumbnails.
Please discuss this subject in Catalin Cimpanu's post
Edited by NickAu, 23 July 2017 - 05:22 PM.