Security News > 2023 > September > Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
2023-09-14 15:55
Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code.
The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug.
Kirkpatrick found the vulnerability while looking at "Weird Windows file formats," one of them being.
Kirkpatrick created a PoC exploit that opens the Windows Calculator when the user launches a theme file.
Windows 11 KB5030219 cumulative update released with 24 fixes, changes.
Microsoft Paint in Windows 11 gets a background removal tool.
News URL
Related news
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-38146 | Unspecified vulnerability in Microsoft Windows 11 22H2 Windows Themes Remote Code Execution Vulnerability | 0.0 |