A German researcher named Miles Moskopp has found a code injection vulnerability in the thumbnail handler component of GNOME Files, a file manager, that may allow hackers to run malicious code on Linux machines.
This new vulnerability resides in "gnome-exe-thumbnailer", a tool to generate thumbnails from Windows executable files (.exe/.msi/.dll/.lnk) for GNOME, which requires users to have the Wine application installed on their systems to open it.
Moskopp has additionally discovered that GNOME Files takes the filename as executable input and runs it in order to create an image thumbnail.
For exploitation, an attacker can send a crafted Windows installer (MSI) file with malicious VBScript code in its filename, which, if downloaded on a vulnerable system, would compromise the machine without further user interaction.
The flaw can be exploited by potential hackers using different attack vectors as well, for example, by directly inserting a USB drive with a malicious file stored on it, or delivering the malicious file via drive-by downloads.
How To Protect Yourself
The vulnerability affects gnome-exe-thumbnailer before version 0.9.5. So, if you run a Linux OS with the GNOME desktop, check for updates immediately before you become affected by this critical vulnerability.
Users should also:
- Delete all files in /usr/share/thumbnailers.
- Do not use GNOME Files.
- Uninstall any software that facilitates automatic execution of filenames as code.
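
Before deleting everything in /usr/share/thumbnailers, it helps to see which handlers are registered there and whether an installed gnome-exe-thumbnailer predates 0.9.5. The audit sketch below is an added example, not code from the original article or from the gnome-exe-thumbnailer project; the MIME-type substrings and the sample entry are assumptions constructed for illustration, and the version string has to be supplied from your package manager.

```python
import configparser
import re
from pathlib import Path

FIXED = (0, 9, 5)  # the article: releases before 0.9.5 are affected
# Assumption: substrings that mark Windows-executable MIME types.
WINDOWS_MIME_HINTS = ("dosexec", "ms-dos-executable", "msdownload", "x-msi", "ms-shortcut")

# Constructed sample of a .thumbnailer entry (not copied from any package).
SAMPLE = """[Thumbnailer Entry]
TryExec=/usr/bin/gnome-exe-thumbnailer
Exec=/usr/bin/gnome-exe-thumbnailer %i %o
MimeType=application/x-ms-dos-executable;application/x-msi;
"""

def is_affected(pkg_version):
    """True if a version string such as '0.9.4-2' is older than 0.9.5."""
    upstream = pkg_version.split(":", 1)[-1]  # drop a Debian-style epoch
    match = re.match(r"\d+(?:\.\d+)*", upstream)
    if not match:
        raise ValueError(f"unrecognised version: {pkg_version!r}")
    return tuple(int(p) for p in match.group().split(".")) < FIXED

def parse_thumbnailer(text):
    """Return (Exec line, MIME type list) from .thumbnailer file content."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: Exec, MimeType
    cp.read_string(text)
    entry = cp["Thumbnailer Entry"]
    return entry.get("Exec", ""), [m for m in entry.get("MimeType", "").split(";") if m]

def audit(directory="/usr/share/thumbnailers"):
    """List (file, Exec line, matching MIME types) for Windows-file handlers."""
    findings = []
    for path in sorted(Path(directory).glob("*.thumbnailer")):
        try:
            exec_line, mimes = parse_thumbnailer(path.read_text(errors="replace"))
        except (configparser.Error, KeyError):
            findings.append((path.name, "unparseable", []))
            continue
        hits = [m for m in mimes if any(h in m for h in WINDOWS_MIME_HINTS)]
        if hits:
            findings.append((path.name, exec_line, hits))
    return findings

if __name__ == "__main__":
    for name, exec_line, hits in audit():
        print(f"{name}: {exec_line} handles {', '.join(hits)}")
```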