关联漏洞
标题:
Microsoft Windows Themes 安全漏洞
(CVE-2023-38146)
描述:Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows Themes存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Wi
描述
Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")
介绍
# ThemeBleed
Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")
```
Usage: ThemeBleed.exe <command>
Commands:
server - Runs the server
make_theme <host> <output path> - Generates a .theme file referencing the specified host
make_themepack <host> <output_path> - Generates a .themepack file referencing the specified host
```
## Data files
The binaries in data correspond to the 3 files returned to the target by the PoC.
- `stage_1` - An `msstyles` file with the `PACKTHEM_VERSION` set to 999.
- `stage_2` - A valid unmodified `msstyles` file to pass the signature check.
- `stage_3` - The DLL that will be loaded and executed. The provided example simply launches `calc.exe`.
To make your own payload, create a DLL with an export named `VerifyThemeVersion` containing your code, and replace `stage_3` with your newly created DLL.
文件快照
[4.0K] /data/pocs/62dd57170ae9c9e0e05af616547930e11f98ed4c
├── [4.0K] data
│ ├── [1.4M] stage_1
│ ├── [1.4M] stage_2
│ └── [ 89K] stage_3
├── [ 906] README.md
├── [4.0K] SMBFilterDemo
│ ├── [ 189] App.config
│ ├── [ 32K] NTFilteredFileSystem.cs
│ ├── [ 218] packages.config
│ ├── [5.2K] Program.cs
│ ├── [4.0K] Properties
│ │ └── [1.4K] AssemblyInfo.cs
│ └── [2.8K] ThemeBleed.csproj
└── [1.1K] ThemeBleed.sln
3 directories, 11 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。