CVE-2017-11421 Information

Description

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager and navigates to a directory containing a .msi file with VBScript code in its filename.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
http://www.securityfocus.com/bid/99922
https://bugs.debian.org/868705
https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
