CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38139 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38139
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios del Kernel de Windows The Microsoft Windows kernel does not reset security cache during self-healing, leading to refcount overflow and use-after-free conditions. • http://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38141 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38141
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios del Kernel de Windows The Microsoft Windows Kernel passes user-mode pointers to registry callbacks, leading to race conditions and memory corruption. • http://packetstormsecurity.com/files/175096/Microsoft-Windows-Kernel-Race-Condition-Memory-Corruption.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38142 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-38142
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios del Kernel de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 91%CPEs: 2EXPL: 2CVE-2023-38146 – Windows Themes Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código en Windows Themes When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll. • https://github.com/Jnnshschl/CVE-2023-38146 http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146 https://exploits.forsale/themebleed https://github.com/gabe-k/themebleed/tree/main https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/theme_dll_hijack_cve_2023_38146.rb • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-38147 – Windows Miracast Wireless Display Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38147
Windows Miracast Wireless Display Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código en Windows Miracast Wireless • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147 • CWE-122: Heap-based Buffer Overflow •