Rapid7 Vulnerability & Exploit Database

MS13-071: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)

Back to Search

MS13-071: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
09/10/2013
Created
07/25/2018
Added
09/10/2013
Modified
06/26/2020

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user applies a specially crafted Windows theme on their system. In all cases, a user cannot be forced to open the file or apply the theme; for an attack to be successful, a user must be convinced to do so.

Solution(s)

  • WINDOWS-HOTFIX-MS13-071-00e1bcaa-5937-42b4-9641-634da41ae9dc
  • WINDOWS-HOTFIX-MS13-071-2c300c86-c8ed-4ef0-a117-7e495efe6726
  • WINDOWS-HOTFIX-MS13-071-4a89176f-007d-4aa9-a42d-eb4f411d4090
  • WINDOWS-HOTFIX-MS13-071-5d6b0f46-bde3-49ac-85b4-8d4f2297927f
  • WINDOWS-HOTFIX-MS13-071-644db154-e457-4059-a571-914f2a06ea4e
  • WINDOWS-HOTFIX-MS13-071-986547f8-73a3-4480-a6f0-621f223ca41f
  • WINDOWS-HOTFIX-MS13-071-c807ef5f-623c-46d3-bf52-60925cdd13ce
  • WINDOWS-HOTFIX-MS13-071-ca74a722-3dbd-4a7c-82fc-d8fad6120b0e
  • WINDOWS-HOTFIX-MS13-071-ddb7e80f-3f1c-43e3-9b1d-d7ff89f0251a
  • WINDOWS-HOTFIX-MS13-071-fc5c5c03-360c-4cc6-a9cd-2b60c262082b

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;