Windows Crafted Theme File Handling Vulnerability

Added: 09/12/2013
CVE: CVE-2013-0810
BID: 62176
OSVDB: 97136

Background

Microsoft Windows themes are a combination of personalization settings that change how the user's desktop looks and sounds. A theme could specify user settings such as the desktop background, window border color, sounds, and screen saver.

Problem

Microsoft Windows is vulnerable to remote code execution, in the context of the logged-in user, as a result of improper handling of theme files and screen savers.

Resolution

Apply the update referenced in Microsoft Security Bulletin MS13-071.

References

http://secunia.com/advisories/54736/

Limitations

Exploit works on Microsoft Windows XP SP3 English (DEP OptIn).

One of the programs smbclient or mount_smbfs must be available on the SAINT host.

An SMB share which is anonymously readable by the target computer, and a user name and password with write access to that share, must be specified.

The vulnerable user must save the THEME file via right-click menu. The vulnerability is triggered when the file is opened and the Screen Saver tab is selected.

Platforms

Windows

Back to exploit index