A Windows Themes vulnerability with the tracking number CVE-2023-38146 has been published, allowing remote attackers to execute code. Kirkpatrick discovered the flaw while investigating “weird Windows file formats,” one of which was.THEME for the files that are used to alter how the operating system looks.
The security flaw, also known as ThemeBleed, has a high severity rating of 8.8. If the target user opens a malicious.THEME file created by the attacker, it can be abused. Gabe Kirkpatrick, one of the researchers who reported the vulnerability to Microsoft on May 15 and got $5,000 for the bug, provided the exploit code.