CVE-2013-0810

HIGH

Microsoft Windows XP-SP3 - RCE

Title source: llm

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/28482
metasploit WORKING POC EXCELLENT
by Eduardo Prado, juan vazquez, Matthew Hall <[email protected]> · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms13_071_theme.rb

References (3)

Scores

CVSS v3 8.1
EPSS 0.8222
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (4)
microsoft/windows_server_2003
microsoft/windows_server_2008 (3 CPE variants)
microsoft/windows_vista
microsoft/windows_xp (2 CPE variants)
Published Sep 11, 2013
Tracked Since Feb 18, 2026