Navigation
Search
|
A remote code execution vulnerability in GNOME
Tuesday October 10, 2023. 03:47 PM , from LWN.net
The GitHub blog describes
a vulnerability in the libcue library (which is used by the GNOME desktop) that can be exploited by a remote attacker to run code on a desktop system if the target can be convinced to click on a malicious link. The video shows me clicking a link in a webpage, which causes a cue sheet to be downloaded. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a.cue filename extension, tracker-miners uses libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution and pop a calculator.
https://lwn.net/Articles/947236/
|
25 sources
Current Date
May, Tue 21 - 07:07 CEST
|