Because Windows executables haven't wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems.
This scenario is possible because of a vulnerability discovered by German IT expert Nils Dagsson Moskopp, which he named "
Bad Taste."
Vulnerability resides in GNOME Files file manager
The vulnerability resides in gnome-exe-thumbnailer, a third-party thumbnailer used by
GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.
Moskopp discovered that he could hide malicious VBScript inside names of MSI files. When the user accesses a folder on his computer where this malicious MSI file is saved, GNOME Files would automatically parse the file to extract an icon from its content and display it in the file explorer window.
The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and executes the code found within.
At the heart of this vulnerability are thumbnailer configuration files located in /usr/share/thumbnailers, which Gnome Files uses to parse files stored on a Linux computer to display icons or generate thumbnails.
Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation
Suricata for Beginners: Your First Step into Network Threat Detection (Linux, Windows, macOS)!
Attacker Relies on Retired IE and Parlour Tricks for More than a Year