:: Re: [DNG] VBScript Injection via GN…
Top Page
Delete this message
Reply to this message
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] VBScript Injection via GNOME Thumbnailer
Quoting Joachim Fahrner (jf@???):

> That's the point. All these things made by Poettering, Gnome Team,
> Read Hat ... are rubbish monsters, too complex to make them safe.
> They put all things in they can think of. A thumbnailer that depends
> on wine! Unbelievable! That's no good and clean software.


Strictly speaking, I am reasonably sure it doesn't _depend_ on WINE, but
merely use it if it's present.

(I reiterate that the parser bug in /usr/bin/gnome-exe-thumbnailer
is damning, but note that it seems to be harmless in the general case,
and exploitable only on systems that also have WINE installed.)

--
Cheers,
Rick (not a GNOME fan) Moen
rick@???
McQ! (4x80)