PT-2024-4855 · Microsoft · Windows
Tomer Peled · Published 2024-07-09 · Updated 2025-08-18 · CVE-2024-38030
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Windows versions 7 through 11 (affected versions not specified)
Description:
A spoofing vulnerability exists within the Windows Themes component, potentially allowing attackers to steal NTLM credentials. The vulnerability is related to the handling of file paths to image resources, specifically BrandImage or Wallpaper, within theme files. Exploitation can occur through simply viewing a malicious file in the file explorer, without requiring the file to be launched or the theme applied. This issue was discovered during the development of a patch for a related spoofing issue. The vulnerability allows attackers to affect the system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
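A defender-side check for the condition in the description, as an added example that is not part of the original advisory: it scans theme-file text for BrandImage or Wallpaper values that point at a remote host. Treating a UNC path or a `file://` URL with a host part as "remote" is an assumption of this example, and the sample theme and host name are constructed.

```python
import re

# Keys the advisory names as carrying image-resource paths in theme files.
IMAGE_KEYS = {"brandimage", "wallpaper"}

# Assumption: \\host\share\... and \\?\UNC\host\share\... reach a remote host.
UNC_RE = re.compile(r'^\\\\(?:[?.]\\UNC\\)?([^\\]+)\\', re.I)


def remote_host(value):
    """Return the host a path value points at, or None for a local path."""
    v = value.strip().strip('"').replace("/", "\\")
    if v.lower().startswith("file:"):
        v = v[5:]                      # file://host/share -> \\host\share
    m = UNC_RE.match(v)
    if not m or m.group(1) in ("?", "."):
        return None                    # \\?\C:\... and \\.\... are local device paths
    return m.group(1)


def scan_theme(text):
    """Return (line number, section, key, host) for each remote image path."""
    findings, section = [], ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                   # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in IMAGE_KEYS:
            host = remote_host(value)
            if host:
                findings.append((lineno, section, key.strip(), host))
    return findings


# Constructed sample, not taken from a real theme file.
SAMPLE_THEME = r"""
; constructed sample
[Theme]
DisplayName=Example
BrandImage=\\files.example.test\share\brand.png

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
"""

if __name__ == "__main__":
    for finding in scan_theme(SAMPLE_THEME):
        print("remote image path:", finding)
```

Run against theme files arriving by mail, download or file share, a hit marks a file to quarantine before it is listed in a folder view.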
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Windows