Vulnerability Bad Taste Affects Linux Machine via Windows MSI Files

Security Researcher Nils Dagsson Moskopp PoC shows that windows executables can infect Linux Systems. This Vulnerability(CVE-2017-11421) exists with the gnome-exe-thumbnailer version prior to 0.9.5.

Moskopp named this vulnerability as Bad Taste, this vulnerability resides with gnome-exe-thumbnailer that used by Gnome files.

Also Read Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials

Vulnerability Execution

Moskopp derived a proof of concept by creating a file poc.xml and executed shell code while navigating to the folder with MSI files, GNOME Files takes it as an executable input and generate a thumbnail with the file name.

File manager GNOME employ configuration files from /usr/share/thumbnailers. With gnome-exe-thumbnailer installed the file /usr/share/thumbnailers/exe-dll-msi.thumbnailer consist of scripts to execute file Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK).

Thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.

Moskopp Summarized Instead of parsing an MSI file to get its version number, this code creates a script containing the filename for which a thumbnail should be shown and executes that using Wine. The script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution.

Remedy for Users and Developers

Moskopp also provided a remedy for Users and Developers.

Users should delete all file in /usr/share/thumbnailers and do not use GNOME Files. Uninstall whatever another programming that facilitates consequently executing parts of filenames as the code.

Try not to parse records with bug-ridden ad-hoc parsers. Completely recognize inputs before handling them. Try not to templates, utilize unparsers.

Also Read Linux Exploit Suggester Tool to Find the Linux OS Kernel Exploits