Security News "Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Because Windows executables haven't wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems.

This scenario is possible because of a vulnerability discovered by German IT expert Nils Dagsson Moskopp, which he named "Bad Taste."

Vulnerability resides in GNOME Files file manager
The vulnerability resides in gnome-exe-thumbnailer, a third-party thumbnailer used by GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.

Moskopp discovered that he could hide malicious VBScript inside names of MSI files. When the user accesses a folder on his computer where this malicious MSI file is saved, GNOME Files would automatically parse the file to extract an icon from its content and display it in the file explorer window.

The problem is that when parsing the MSI file looking for its icon, the thumbnailer script also reads the filename and executes the code found within.

At the heart of this vulnerability are thumbnailer configuration files located in /usr/share/thumbnailers, which Gnome Files uses to parse files stored on a Linux computer to display icons or generate thumbnails.

Users can protect themselves
To avoid problems caused by the issue he discovered, Moskopp recommends that users delete
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top