Navigation
Recherche
|
A remote code execution vulnerability in GNOME
mardi 10 octobre 2023, 15:47 , par LWN.net
The GitHub blog describes
a vulnerability in the libcue library (which is used by the GNOME desktop) that can be exploited by a remote attacker to run code on a desktop system if the target can be convinced to click on a malicious link. The video shows me clicking a link in a webpage, which causes a cue sheet to be downloaded. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a.cue filename extension, tracker-miners uses libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution and pop a calculator.
https://lwn.net/Articles/947236/
|
56 sources (32 en français)
Date Actuelle
mar. 30 avril - 05:27 CEST
|