Windows Crafted Theme File Handling Vulnerability

2013-09-1200:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.951 High

EPSS

Percentile

99.1%

JSON

Added: 09/12/2013
CVE: CVE-2013-0810
BID: 62176
OSVDB: 97136

Background

Microsoft Windows themes are a combination of personalization settings that change how the user’s desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and screen saver.

Problem

Microsoft Windows is vulnerable to remote code execution, in the context of the logged-in user, as a result of improper handling of theme files and screen savers.

Resolution

Apply the update referenced in Microsoft Security Bulletin MS13-071.

References

<http://secunia.com/advisories/54736/>

Limitations

Exploit works on Microsoft Windows XP SP3 English (DEP OptIn).

One of the programs **smbclient** or **mount_smbfs** must be available on the SAINT host.

An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.

The vulnerable user must save the THEME file via right-click menu. The vulnerability is triggered when the file is opened and the Screen Saver tab is selected.