Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:2ABD66F22FDDC3855E00D93FD5F9AA53
HistorySep 12, 2013 - 12:00 a.m.

Windows Crafted Theme File Handling Vulnerability

2013-09-1200:00:00
SAINT Corporation
www.saintcorporation.com
17

0.951 High

EPSS

Percentile

99.1%

JSON

Added: 09/12/2013
CVE: CVE-2013-0810
BID: 62176
OSVDB: 97136

Background

Microsoft Windows themes are a combination of personalization settings that change how the user’s desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and screen saver.

Problem

Microsoft Windows is vulnerable to remote code execution, in the context of the logged-in user, as a result of improper handling of theme files and screen savers.

Resolution

Apply the update referenced in Microsoft Security Bulletin MS13-071.

References

<http://secunia.com/advisories/54736/&gt;

Limitations

Exploit works on Microsoft Windows XP SP3 English (DEP OptIn).

One of the programs **smbclient** or **mount_smbfs** must be available on the SAINT host.

An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.

The vulnerable user must save the THEME file via right-click menu. The vulnerability is triggered when the file is opened and the Screen Saver tab is selected.

Platforms

Windows

Related

openvas 2
saint 3
symantec 1
cve 1
checkpoint_advisories 2
nessus 1
zdt 2
prion 1
packetstorm 1
exploitpack 1
exploitdb 1
securityvulns 1
openvas
openvas
Microsoft Windows Theme File Remote Code Execution Vulnerability (2864063)
2013-09-11 00:00:00
Microsoft Windows Theme File Remote Code Execution Vulnerability (2864063)
2013-09-11 00:00:00
saint
saint
Windows Crafted Theme File Handling Vulnerability
2013-09-12 00:00:00
Windows Crafted Theme File Handling Vulnerability
2013-09-12 00:00:00
Windows Crafted Theme File Handling Vulnerability
2013-09-12 00:00:00
symantec
symantec
Microsoft Windows Theme File CVE-2013-0810 Remote Code Execution Vulnerability
2013-09-10 00:00:00
cve
cve
CVE-2013-0810
2013-09-11 14:03:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Theme File Remote Code Execution - Ver2 (CVE-2013-0810)
2014-03-31 00:00:00
Microsoft Windows Theme File Remote Code Execution (MS13-071; CVE-2013-0810)
2013-09-10 00:00:00
nessus
nessus
MS13-071: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
2013-09-11 00:00:00
zdt
zdt
MS13-071 Microsoft Windows Theme File Handling Code Execution
2013-09-21 00:00:00
Microsoft Windows 10 - Theme API (ThemePack) File Parsing Exploit
2020-01-29 00:00:00
prion
prion
Remote code execution
2013-09-11 14:03:00
packetstorm
packetstorm
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
2013-09-20 00:00:00
exploitpack
exploitpack
Microsoft Windows 10 - Theme API ThemePack File Parsing
2020-01-29 00:00:00
exploitdb
exploitdb
Microsoft Windows 10 - Theme API &#039;ThemePack&#039; File Parsing
2020-01-29 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-09-11 00:00:00

0.951 High

EPSS

Percentile

99.1%

JSON
Related for SAINT:2ABD66F22FDDC3855E00D93FD5F9AA53
openvas2saint3symantec1cve1checkpoint_advisories2nessus1zdt2prion1packetstorm1exploitpack1exploitdb1securityvulns1