Proof-of-concept For ThemeBleed RCE Vulnerability Released

A Proof-of-Concept (PoC) exploit for a Windows Themes vulnerability, known as CVE-2023-38146 or ThemeBleed, has been made public. This vulnerability, rated at 8.8 in severity, enables remote attackers to execute code. To exploit it, an attacker creates a malicious .THEME file that, when opened by the victim, triggers the attack. Gabe Kirkpatrick, one of the researchers who reported this flaw to Microsoft on May 15 and received a $5,000 reward, published the exploit code. Microsoft addressed CVE-2023-38146 in the September 2023 Patch Tuesday release. Read more...