CVE-2013-0810

HIGH

Windows XP/Vista/Server 2003/2008 RCE via Crafted Screensaver in Theme File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0810. PoCs published by Metasploit, Eduardo Prado, juan vazquez, Matthew Hall <[email protected]>, including Metasploit module exploits/windows/fileformat/ms13_071_theme.

AI-analyzed exploit summary This Metasploit module exploits CVE-2013-0810 by crafting a malicious .theme file that references a remote SMB resource as a screensaver, leading to arbitrary code execution when the victim views the 'Screen Saver' tab.

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/28482

View Code ZIP pw:eip

This Metasploit module exploits CVE-2013-0810 by crafting a malicious .theme file that references a remote SMB resource as a screensaver, leading to arbitrary code execution when the victim views the 'Screen Saver' tab.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows XP SP3 / Windows 2003 SP2

No auth needed

Prerequisites: Victim must open the malicious .theme file and view the 'Screen Saver' tab

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Eduardo Prado, juan vazquez, Matthew Hall <[email protected]> · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms13_071_theme.rb

View Code ZIP pw:eip

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows XP SP3 / Windows 2003 SP2

No auth needed

Prerequisites: Victim must open the malicious .theme file and view the Screen Saver tab or trigger the screensaver

MITRE ATT&CK

T1204.002 - Malicious File T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18579

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-071

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/ncas/alerts/TA13-253A

Scores

CVSS v3 8.1

EPSS 0.5988

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (4)

microsoft/windows_server_2003

microsoft/windows_server_2008 (3 CPE variants)

microsoft/windows_vista

microsoft/windows_xp (2 CPE variants)

Published Sep 11, 2013

Tracked Since Feb 18, 2026