Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

0day.today
0day.todayadded 2024/01/08 12:0 a.m.467 views

Themebleed Windows 11 Themes Arbitrary Code Execution Exploit

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKMEVERSION is 999, it then attempts to load an accompanying dll file ending in vrf.dll. Before loading that file, it verifies that the file is signed. It does...

8.8CVSS7AI score0.39491EPSS
Exploits4
Packet Storm
Packet Stormadded 2024/01/05 12:0 a.m.600 views

Themebleed Windows 11 Themes Arbitrary Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146', 'Description' = %q When an unpatched Windows 11 host loads a theme file...

8.8CVSS7.4AI score0.39491EPSS
Exploits4
Metasploit
Metasploitadded 2024/01/04 7:51 p.m.608 views

Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKMEVERSION is 999, it then attempts to load an accompanying dll file ending in vrf.dll Before loading that file, it verifies that the file is signed. It does...

8.8CVSS7.2AI score0.39491EPSS
Exploits4
GithubExploit
GithubExploitadded 2023/10/13 3:33 p.m.487 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

PoC for the ThemeBleed CVE-2023-38146 exploit Windows 11 Them...

8.8CVSS8.7AI score0.39491EPSS
Exploits4
Malwarebytes
Malwarebytesadded 2023/09/24 11:0 p.m.16 views

A week in security (September 18 - September 24)

Last week on Malwarebytes Labs: Emergency update! Apple patches three zero-days T-Mobile spills billing information to other customers Involved in a data breach? Heres what you need to know Steer clear of cryptocurrency recovery phrase scams DoppelPaymer ransomware group suspects identified The...

6.7AI score
Exploits0
hivepro
hiveproadded 2023/09/18 7:9 a.m.55 views

‘ThemeBleed’ flaw in Windows 11 Enables Code Execution

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The CVE-2023-38146 vulnerability in Windows 11 allows remote attackers to execute arbitrary code, potentially compromising the affected systems security and integrity, and posing a significant...

6.8CVSS7.5AI score0.39491EPSS
Exploits4
Malwarebytes
Malwarebytesadded 2023/09/18 3:0 a.m.41 views

ThemeBleed exploit is another reason to patch Windows quickly

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept PoC exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...

6.8CVSS7.4AI score0.39491EPSS
Exploits4
Rows per page
Query Builder