From bleepingcomputer.com
Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code.
The security issue is also referred to as ThemeBleed, and received a high-severity score of 8.8. It can be exploited if the target user opens a malicious .THEME file crafted by the attacker.
The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug.
Microsoft addressed CVE-2023-38146 two days ago in the September 2023 Patch Tuesday.