CVE-2023-38146: Windows Themes Remote Code Execution Vulnerability
Overview
- Severity: High (CVSS 8.8)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category: Remote Code Execution
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2023-Sep
- Released: 2023-09-12
- Last Updated: 2024-06-26
- EPSS Score: 86.45% (percentile: 99.4%)
FAQ
How could an attacker exploit this vulnerability?
An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share.
Detection & Weaponization (3 sources)
Maturity: Detection
- Metasploit modules: Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
- YARA rules: exploit_cve_2023_38146.yar, SIGNATURE_BASE_SUSP_Themebleed_Theme_Sep23
- GitHub PoC: 3 repositories
Affected Products (4)
Windows
- Windows 11 version 21H2 for x64-based Systems
- Windows 11 version 21H2 for ARM64-based Systems
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
Security Updates (2)
Acknowledgments
Emma Kirkpatrick (@carrot_c4k3, https://twitter.com/carrot_c4k3), Thijs Alkemade, Khaled Nassar, and Daan Keuper with Computest Sector 7 (https://sector7.computest.nl/)
Revision History
- 2023-09-12: Information published.
- 2024-06-26: Updated acknowledgment. This is an informational change only.