Launchpad.net

CVE 2017-11421

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.

Related bugs and status

CVE-2017-11421 (Candidate) is related to these bugs:

Bug #651610: [CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source

		In	Importance	Status
651610	[CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source	gnome-exe-thumbnailer (Ubuntu)	Critical	Fix Released
651610	[CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source	gnome-exe-thumbnailer (Debian)	Unknown	Fix Released
651610	[CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source	gnome-exe-thumbnailer (Ubuntu Xenial)	Undecided	Fix Released
651610	[CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source	gnome-exe-thumbnailer (Ubuntu Zesty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-11421

Related bugs and status

Related bugs

References