CVE-2018-8413

HIGH

Windows Theme API - Remote Code Execution via File Decompression

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8413. PoCs published by Eduardo Braun Prado.

AI-analyzed exploit summary The code generates a malicious '.themepack' file that exploits a path traversal vulnerability in Microsoft Windows Theme API to drop an HTA file in the startup directory, achieving arbitrary file creation and potential RCE on next logon.

Description

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (1)

exploitdb WORKING POC

by Eduardo Braun Prado · clocalwindows

https://www.exploit-db.com/exploits/47975

View Code ZIP pw:eip

The code generates a malicious '.themepack' file that exploits a path traversal vulnerability in Microsoft Windows Theme API to drop an HTA file in the startup directory, achieving arbitrary file creation and potential RCE on next logon.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 10 v.1803 (17134.407) and earlier versions

No auth needed

Prerequisites: User interaction to open the malicious '.themepack' file

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter T1195 - Supply Chain Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041824

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105448

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html

Scores

CVSS v3 7.8

EPSS 0.6288

EPSS Percentile 98.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (16)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008 r2 sp1

... and 6 more

Published Oct 10, 2018

Tracked Since Feb 18, 2026