"Bad Taste"

A German researcher named Nils Dagsson Moskopp discovered a vulnerability, CVE-2017-11421, that he dubbed “Bad Taste,” affecting GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop. Successful exploitation of this vulnerability could allow a threat actor to gain an initial foothold on vulnerable systems. Moskopp published a proof of concept demonstrating an exploit of the vulnerability by dropping an empty file with the name badtaste.txt on a user's computer, but he states a remote threat actor could do more damage. The Debian project patched the vulnerability hours after it was reported by Moskopp, and the gnome-exe-thumbnailer, which parses MSI and EXE files inside the GNOME Files app, was also fixed. The NJCCIC recommends users and administrators using GNOME Files review Moskopp’spost and the subsequent Bleeping Computer article, follow the recommendation to delete all files found in /usr/share/thumbnailers, and apply any necessary updates.