Skip to content
/ themebleed Public
forked from exploits-forsale/themebleed

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

0 stars 38 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sirrushoo/themebleed

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
SMBFilterDemo
SMBFilterDemo
 
 
data
data
 
 
README.md
README.md
 
 
ThemeBleed.sln
ThemeBleed.sln
 
 

Repository files navigation

ThemeBleed

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

Usage: ThemeBleed.exe <command>

Commands:
        server                                   - Runs the server
        make_theme <host> <output path>          - Generates a .theme file referencing the specified host
        make_themepack <host> <output_path>      - Generates a .themepack file referencing the specified host

Data files

The binaries in data correspond to the 3 files returned to the target by the PoC.

  • stage_1 - An msstyles file with the PACKTHEM_VERSION set to 999.
  • stage_2 - A valid unmodified msstyles file to pass the signature check.
  • stage_3 - The DLL that will be loaded and executed. The provided example simply launches calc.exe.

To make your own payload, create a DLL with an export named VerifyThemeVersion containing your code, and replace stage_3 with your newly created DLL.

About

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%