Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit

From bleepingcomputer.com

Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code.

The security issue is also referred to as ThemeBleed, and received a high-severity score of 8.8. It can be exploited if the target user opens a malicious .THEME file crafted by the attacker.

The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug.

Microsoft addressed CVE-2023-38146 two days ago in the September 2023 Patch Tuesday.
