From bleepingcomputer.com
![](https://cert.bournemouth.ac.uk/wp-content/uploads/2023/09/image-45-1024x576.png)
Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code.
The security issue is also referred to as ThemeBleed, and received a high-severity score of 8.8. It can be exploited if the target user opens a malicious .THEME file crafted by the attacker.
The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug.
Microsoft addressed CVE-2023-38146 two days ago in the September 2023 Patch Tuesday.