Because Windows executables haven’t wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems.
This scenario is possible because of a vulnerability discovered by German IT expert Nils Dagsson Moskopp, which he named “Bad Taste.”
The vulnerability resides in gnome-exe-thumbnailer, a third-party thumbnailer used by GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.
Moskopp discovered that he could hide malicious VBScript inside names of MSI files. When the user accesses a folder on his computer where this malicious MSI file is saved, GNOME Files would automatically parse the file to extract an icon from its content and display it in the file explorer window.
The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and executes the code found within.
At the heart of this vulnerability are thumbnailer configuration files located in /usr/share/thumbnailers, which Gnome Files uses to parse files stored on a Linux computer to display icons or generate thumbnails.
To avoid problems caused by the issue he discovered, Moskopp recommends that users delete the all files found in /usr/share/thumbnailers, or stop using GNOME Files for the time being.
Submitted by: Arnfried Walbrecht
Comments are closed.