Windows 11 ‘ThemeBleed’ RCE Flaw Gets Proof-of-Concept Exploit
Proof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code. The security issue is also referred to as ThemeBleed and received a high-severity CVSS score of 8.8. It can be exploited if the target user opens a malicious .theme file crafted by the attacker.

The exploit code was released by Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and received $5,000 for the bug. Microsoft addressed CVE-2023-38146 two days ago in the September 2023 Patch Tuesday (September 12).

Kirkpatrick found the vulnerability while looking at "weird Windows file formats," one of them being .theme, the format used to customize the appearance of the operating system. A .theme file references a .msstyles file, which is expected to carry no executable code, only the graphical resources that are loaded when the theme invoking it is opened.

The researcher noticed that when the .msstyles file declares version number "999", the routine that handles it takes a path in which the signature of a companion DLL ("_vrf.dll") is verified in one step and the library is loaded in a separate, later step. Because the file is checked by name and then loaded by name, an attacker who can swap the file between the two steps gets a time-of-check/time-of-use race condition: the signed copy passes the check and the replacement gets loaded.
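The check-then-load gap described above is a classic TOCTOU pattern, and it is easier to reason about with a small simulation. The following is an added example, not code from the article or from Kirkpatrick's proof of concept: it parses a constructed .theme file for its .msstyles reference, then contrasts a loader that verifies a DLL by path and later loads it by path (the vulnerable pattern) with one that verifies exactly the bytes it loads. The file names, the placeholder DLL bytes, and the SHA-256 "signature" check standing in for Authenticode are all assumptions made for the demo; the hardened variant illustrates the general fix for this pattern, not the specific change Microsoft shipped.

```python
"""Simulation of the check-vs-use race behind ThemeBleed (constructed example)."""
import configparser
import hashlib
import os
import tempfile

# Constructed stand-in for a signature check: the only "signed" library is the
# one whose SHA-256 matches a known-good digest. Real Windows uses Authenticode.
BENIGN_DLL = b"MZ-benign-_vrf.dll-placeholder-bytes"
MALICIOUS_DLL = b"MZ-attacker-_vrf.dll-placeholder-bytes"
TRUSTED_DIGESTS = {hashlib.sha256(BENIGN_DLL).hexdigest()}

# Constructed .theme content. A .theme file is INI-formatted; the [VisualStyles]
# section names the .msstyles file that Windows will open for the theme.
THEME_FILE = r"""[Theme]
DisplayName=ThemeBleed demo (constructed)

[VisualStyles]
Path=%SystemRoot%\Resources\Themes\demo\demo.msstyles
"""


def msstyles_path(theme_text):
    """Return the .msstyles reference a .theme file points at."""
    cp = configparser.ConfigParser(interpolation=None)  # %SystemRoot% is literal
    cp.read_string(theme_text)
    return cp["VisualStyles"]["Path"]


def is_signed(path):
    """Time of check: hash whatever is on disk at this moment."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest() in TRUSTED_DIGESTS


def load_library(path):
    """Time of use: stand-in for LoadLibrary, which opens the file again by name."""
    with open(path, "rb") as f:
        return f.read()


def vulnerable_load(path, between_check_and_use=lambda: None):
    """Verify by path, then load by path: two separate opens, so anything that
    replaces the file in between is what actually gets loaded."""
    if not is_signed(path):
        raise PermissionError("signature check failed")
    between_check_and_use()  # the race window an attacker aims for
    return load_library(path)


def hardened_load(path, between_check_and_use=lambda: None):
    """Read once, verify those bytes, load exactly those bytes. A swap on disk
    after the read cannot change what is loaded."""
    with open(path, "rb") as f:
        data = f.read()
    if hashlib.sha256(data).hexdigest() not in TRUSTED_DIGESTS:
        raise PermissionError("signature check failed")
    between_check_and_use()  # same window, no effect on the verified bytes
    return data


def race_result(loader, initial=BENIGN_DLL):
    """Stage a DLL, swap it for the attacker's copy inside the check/use window,
    and report what the loader ended up with: 'benign', 'malicious' or 'rejected'."""
    with tempfile.TemporaryDirectory() as d:
        dll = os.path.join(d, "demo_vrf.dll")  # assumed name for the demo
        with open(dll, "wb") as f:
            f.write(initial)

        def swap():
            with open(dll, "wb") as f:
                f.write(MALICIOUS_DLL)

        try:
            loaded = loader(dll, swap)
        except PermissionError:
            return "rejected"
        return "malicious" if loaded == MALICIOUS_DLL else "benign"


if __name__ == "__main__":
    print("theme references:", msstyles_path(THEME_FILE))
    print("vulnerable loader:", race_result(vulnerable_load))
    print("hardened loader:  ", race_result(hardened_load))
    print("hardened, bad file from the start:", race_result(hardened_load, MALICIOUS_DLL))
```

The swap is driven by a callback rather than a timing-dependent thread so the race lands deterministically; in the real bug the attacker controls the file server and wins the window by serving different content on the second open. The lesson the hardened loader carries over to native code is the same: validate the object you will actually use (the opened handle or the mapped bytes), not a path that can be re-resolved.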