Full title: MS13-071 Microsoft Windows Theme File Handling Code Execution 
Category: remote exploits
Platform: windows
This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.

# 0day.today @ http://0day.today/