Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows theme file vulnerability could allow remote code execution


Report ID: MS201309005
Date Published: 11 September 2013

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008




Summary

A vulnerability involving the Windows theme files could allow an attacker to execute arbitrary code on an affected system.



Detailed Description

Microsoft has issued a security update to address a vulnerability in Microsoft Windows involving the Windows theme files. The vulnerability was caused by improper handling of theme and screensaver files, and could be exploited into allowing an attacker to execute arbitrary code and take control of an affected system.

The vulnerability has been resolved in the latest update by changing the way Windows handles them files and screensavers. Users are recommended to install the update onto their system as a protection measure against exploit attempts.



CVE Reference

CVE-2013-0810



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-071)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.