CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.951 High
Percentile: 99.1%
Added: 09/12/2013
CVE: CVE-2013-0810
BID: 62176
OSVDB: 97136
Microsoft Windows themes are a combination of personalization settings that change how the user’s desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and screen saver.
Microsoft Windows is vulnerable to remote code execution, in the context of the logged-in user, as a result of improper handling of theme files and screen savers.
Apply the update referenced in Microsoft Security Bulletin MS13-071.
<http://secunia.com/advisories/54736/>
Exploit works on Microsoft Windows XP SP3 English (DEP OptIn).
One of the programs **smbclient** or **mount_smbfs** must be available on the SAINT host.
An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.
The vulnerable user must save the THEME file via the right-click menu. The vulnerability is triggered when the file is opened and the Screen Saver tab is selected.
Windows
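For triage on hosts that cannot be patched immediately, the following added example (not part of the original advisory or of SAINT's tooling) scans saved .theme files for a screen saver entry that points at a network location. It assumes the standard .theme layout, in which the screen saver is named by `SCRNSAVE.EXE` in the `[boot]` section, and treats any UNC or URL-style path there as worth reviewing; the sample theme contents and host name are constructed.

```python
import re
import sys

# UNC (\\host\share), //host/share, or scheme:// locations count as remote.
REMOTE = re.compile(r"^(\\\\|//|[a-z][a-z0-9+.-]*://)", re.IGNORECASE)

# Constructed sample inputs (not taken from any real theme or exploit).
BENIGN_THEME = r"""; constructed sample
[Theme]
[boot]
SCRNSAVE.EXE=%WinDir%\System32\Mystify.scr
"""
SUSPECT_THEME = r"""[Theme]
[Boot]
scrnsave.exe="\\fileserver.example.invalid\public\saver.scr"
"""

def read_theme(path):
    """Decode a .theme file, which may be UTF-16 (with BOM) or an 8-bit encoding."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")

def screensaver_entries(theme_text):
    """Return every SCRNSAVE.EXE value in a [boot] section (case-insensitive match)."""
    section, found = "", []
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "scrnsave.exe":
            found.append(value.strip().strip('"'))
    return found

def audit_theme(theme_text):
    """Return the screen saver paths that point off the local machine."""
    return [p for p in screensaver_entries(theme_text) if REMOTE.match(p)]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for hit in audit_theme(read_theme(path)):
            print(f"{path}: remote screen saver path {hit}")
```

Run it with one or more .theme file paths as arguments; a hit is a prompt for review, not proof of compromise.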