Categories: Malware

Vulnerability Bad Taste Affects Linux Machine via Windows MSI Files

Security Researcher Nils Dagsson Moskopp PoC shows that windows executables can infect Linux Systems. This Vulnerability(CVE-2017-11421) exists with the gnome-exe-thumbnailer version prior to 0.9.5.

Moskopp named this vulnerability as Bad Taste, this vulnerability resides with gnome-exe-thumbnailer that used by Gnome files.

Also Read Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials

Vulnerability Execution

Moskopp derived a proof of concept by creating a file poc.xml and executed shell code while navigating to the folder with MSI files, GNOME Files takes it as an executable input and generate a thumbnail with the file name.

File manager GNOME employ configuration files from /usr/share/thumbnailers. With gnome-exe-thumbnailer installed the file /usr/share/thumbnailers/exe-dll-msi.thumbnailer consist of scripts to execute file Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK).

Thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.

Moskopp Summarized Instead of parsing an MSI file to get its version number, this code creates a script containing the filename for which a thumbnail should be shown and executes that using Wine. The script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution.

Remedy for Users and Developers

Moskopp also provided a remedy for Users and Developers.

Users should delete all file in /usr/share/thumbnailers and do not use GNOME Files. Uninstall whatever another programming that facilitates consequently executing parts of filenames as the code.

Try not to parse records with bug-ridden ad-hoc parsers. Completely recognize inputs before handling them. Try not to templates, utilize unparsers.

Also Read Linux Exploit Suggester Tool to Find the Linux OS Kernel Exploits

Priya James

View Comments

Recent Posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting the growing, widespread use and potential…

12 hours ago

C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance

In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such…

14 hours ago

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education. The latest update, Wireshark 4.2.4,…

16 hours ago

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we…

16 hours ago

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access. It's an…

17 hours ago

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the…

20 hours ago