A now-patched vulnerability in the GNOME Files file manager was recently discovered which allowed hackers to create dodgy MSI files which would run malicious VBScript code on Linux. The proof-of-concept built by a researcher as a demonstration created an empty file with the name badtaste.txt on the targeted computer; if the vulnerability is used by an attacker they could wreak havoc for users.
The bug only affects the GNOME Files file manager but one alternative, Caja, which is closely related to GNOME Files, isn’t affected. Once Nils Dagsson Moskopp discovered the bug, he reported it to the Debian Project which fixed it very rapidly. The GNOME Project also patched the gnome-exe-thumbnailer file which is responsible for parsing MSI and EXE files inside the GNOME Files app.
In order to be affected by the malware, a user has to download the MSI file. This could be achieved by deceiving a victim, or it could be downloaded automatically via a drive-by download. Discussing drive-by downloads, Moskopp said:
“[The] thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.”
Several browsers allow automatic downloads, including, worryingly, Google Chrome, the browser with the biggest market share right now. If you run a Linux distribution with the GNOME desktop it’s advisable to run the update manager and check for updates as soon as possible before you become affected by this critical vulnerability.
Source: Bleeping Computer