CVE-2013-0810

CVSS 8.1 HIGHEPSS 59.9%CWE-94

Vexday Risk Score

68High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.1EPSS 59.9%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado

Lifecycle

10 Sep 2013Metasploit module available

11 Sep 2013Published on NVD

23 Sep 2013Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/28482unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18579 http://www.us-cert.gov/ncas/alerts/TA13-253A