CVE-2023-38146

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 12, 2023

Updated: Jan 1, 2025

CWE ID 367

Summary

CVE-2023-38146 is a critical vulnerability affecting Windows Themes. Maliciously crafted theme packages can be exploited to execute arbitrary code on targeted systems. Successful attacks can lead to the installation of malware, unauthorized access, or data theft. This issue can be mitigated by disabling the installation of Themes from unknown sources or applying the latest security patches from Microsoft.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Windows 11 21H2
Microsoft Windows 11 22h2

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-OfgE
https://www.cve.org/CVERecord?id=CVE-2023-38146
https://nvd.nist.gov/vuln/detail/CVE-2023-38146

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners