Windows Themes Remote Code Execution Vulnerability
CVE-2023-38146
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 12 September 2023
Badges
What is CVE-2023-38146?
The Windows Themes Remote Code Execution vulnerability allows an attacker to execute arbitrary code on an affected system. By exploiting this vulnerability, an attacker could install programs, view, change, or delete data, or create new accounts with full user rights. The vulnerability arises from improper handling of theme files, making it essential for users to update their systems promptly to mitigate risks associated with potential exploitation.
Affected Version(s)
Windows 11 version 21H2 x64-based Systems 10.0.0 < 10.0.22000.2416
Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.2283
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
39% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved