Skip to content

exploits-forsale/themebleed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

SMBFilterDemo

SMBFilterDemo

 
 

data

data

 
 

README.md

README.md

 
 

ThemeBleed.sln

ThemeBleed.sln

 
 

Repository files navigation

ThemeBleed

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

Usage: ThemeBleed.exe <command>

Commands:
        server                                   - Runs the server
        make_theme <host> <output path>          - Generates a .theme file referencing the specified host
        make_themepack <host> <output_path>      - Generates a .themepack file referencing the specified host

Data files

The binaries in data correspond to the 3 files returned to the target by the PoC.

  • stage_1 - An msstyles file with the PACKTHEM_VERSION set to 999.
  • stage_2 - A valid unmodified msstyles file to pass the signature check.
  • stage_3 - The DLL that will be loaded and executed. The provided example simply launches calc.exe.

To make your own payload, create a DLL with an export named VerifyThemeVersion containing your code, and replace stage_3 with your newly created DLL.

About

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

Resources

Readme
Activity
Custom properties

Stars

178 stars

Watchers

4 watching

Forks

37 forks
Report repository

Releases 1

ThemeBleed PoC Latest
Sep 13, 2023

Packages

No packages published

Languages