Security Researcher Nils Dagsson Moskopp PoC shows that windows executables can infect Linux Systems. This Vulnerability(CVE-2017-11421) exists with the gnome-exe-thumbnailer version prior to 0.9.5.Moskopp named this vulnerability as Bad Taste, this vulnerability resides with gnome-exe-thumbnailer that used by Gnome files.
Moskopp derived a proof of concept by creating a file poc.xml and executed shell code while navigating to the folder with MSI files, GNOME Files takes it as an executable input and generate a thumbnail with the file name.
File manager GNOME employ configuration files from /usr/share/thumbnailers. With gnome-exe-thumbnailer installed the file /usr/share/thumbnailers/exe-dll-msi.thumbnailer consist of scripts to execute file Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK).
Moskopp told Bleeping Computer that “thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.”Moskopp Summarized Instead of parsing an MSI file to get its version number, this code creates a script containing the filename for which a thumbnail should be shown and executes that using Wine. The script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution.
Remedy for Users and Developers
Moskopp also provided a remedy for Users and Developers.
Users should delete all file in /usr/share/thumbnailers and do not use GNOME Files. Uninstall whatever another programming that facilitates consequently executing parts of filenames as the code.
Try not to parse records with bug-ridden ad-hoc parsers. Completely recognize inputs before handling them. Try not to templates, utilize unparsers.