A security researcher has discovered a code injection vulnerability in a tool to generate thumbnails from Windows executable files. The vulnerability (CVE-2017-11421) was discovered by German researcher Nils Dagsson Moskopp. For successful exploitation of the vulnerability, an attacker can send a crafted Windows installer (MSI) file with malicious VBScript code in its filename. The flaw can be exploited by potential hackers using other attack vectors as well, for example, or delivering the malicious file via drive-by-downloads.
Source: https://thehackernews.com/2017/07/linux-gnome-vulnerability.html