Windows theme file vulnerability could allow remote code execution
Report ID: MS201309005
Date Published: 11 September 2013
Compromise Type: remote-code-execution
Compromise From: remote
Windows Server 2003
Windows Server 2008
A vulnerability involving the Windows theme files could allow an attacker to execute arbitrary code on an affected system.
Microsoft has issued a security update to address a vulnerability in Microsoft Windows involving the Windows theme files. The vulnerability was caused by improper handling of theme and screensaver files, and could be exploited into allowing an attacker to execute arbitrary code and take control of an affected system.
The vulnerability has been resolved in the latest update by changing the way Windows handles them files and screensavers. Users are recommended to install the update onto their system as a protection measure against exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-071)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.