Security Researcher Nils Dagsson Moskopp PoC shows that windows executables can infect Linux Systems. This Vulnerability(CVE-2017-11421) exists with the gnome-exe-thumbnailer version prior to 0.9.5.
Moskopp named this vulnerability as Bad Taste, this vulnerability resides with gnome-exe-thumbnailer that used by Gnome files.Also Read Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials
Moskopp derived a proof of concept by creating a file poc.xml and executed shell code while navigating to the folder with MSI files, GNOME Files takes it as an executable input and generate a thumbnail with the file name.
File manager GNOME employ configuration files from /usr/share/thumbnailers. With gnome-exe-thumbnailer installed the file /usr/share/thumbnailers/exe-dll-msi.thumbnailer consist of scripts to execute file Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK).
Thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.
Moskopp Summarized Instead of parsing an MSI file to get its version number, this code creates a script containing the filename for which a thumbnail should be shown and executes that using Wine. The script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution.Moskopp also provided a remedy for Users and Developers.
Users should delete all file in /usr/share/thumbnailers and do not use GNOME Files. Uninstall whatever another programming that facilitates consequently executing parts of filenames as the code.
Try not to parse records with bug-ridden ad-hoc parsers. Completely recognize inputs before handling them. Try not to templates, utilize unparsers.
Also Read Linux Exploit Suggester Tool to Find the Linux OS Kernel Exploits
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting the growing, widespread use and potential…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such…
Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education. The latest update, Wireshark 4.2.4,…
Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we…
Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access. It's an…
Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the…
View Comments