CVE-2017-11421
high
CVSS v3
7.8
CVSS v4
N/A
VIR risk
7.8
Description
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.
Predictions
Exploit likelihood
75%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnome-exe-thumbnailer_project | gnome-exe-thumbnailer | <= 0.9.4 | |
References
- http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
- http://www.securityfocus.com/bid/99922
- https://bugs.debian.org/868705
- https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
CWEs
CWE-94