Vulnerability in Windows Theme File Could Allow Remote Code Execution (MS13-071)

ITS Advisory Number: 2013-082
Date(s) Issued: Tuesday, September 10, 2013
Subject: Vulnerability in Windows Theme File Could Allow Remote Code Execution (MS13-071)
Overview: 

A vulnerability that allows remote code execution has been found in the way Microsoft Windows handles theme files. Microsoft Windows themes are a combination of personal settings that change how a user's desktop looks. This vulnerability could be exploited if a user opens a specially crafted Windows theme on their system. Successful exploitation would result in an attacker gaining the same privileges as the user. Depending on the privileges associated with the user, the attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows XP
  • Microsoft Windows 2003
Risk: 
Government:
  • Large and medium government entities: High
  • Small government entities: High
Business:
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

A vulnerability that allows remote code execution has been found in the way Microsoft Windows handles theme files. The vulnerability is caused when Microsoft Windows improperly handles theme and screensaver files. This vulnerability could be exploited if a user opens a specially crafted Windows theme on their system. Successful exploitation would result in an attacker gaining the same privileges as the user. Depending on the privileges associated with the user, the attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Install updates provided by Microsoft immediately after appropriate testing.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Remind users not to download or open files from untrusted websites.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-071
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810