CVE-2024-21320

Published Jan 9, 2024

Last updated 8 months ago

CVSS medium 6.5
Windows Themes

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-21320 is a spoofing vulnerability found within Microsoft Windows Themes functionality. This flaw allows attackers to craft malicious theme files (.theme) that exploit a lack of validation in certain theme file parameters. When a user downloads or views such a malicious theme file, even in Windows Explorer, the system can be tricked into attempting to load resources, such as wallpapers or brand images, from an attacker-controlled server. This process can inadvertently cause the Windows system to send NTLM credential hashes to the external server controlled by the attacker, potentially leading to credential theft or unauthorized information disclosure. The vulnerability affects a wide range of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server versions.

Description
Windows Themes Spoofing Vulnerability
Source
secure@microsoft.com
NVD status
Modified
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-200
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 🔎 Análisis forense de la explotación de CVE-2024-21320: abuso de Windows Themes para captura de NTLM, acceso remoto y persistencia Las vulnerabilidades que permiten la filtración de credenciales siguen siendo uno de los vectores más eficaces para comprometer entornos Wind

    @HackersCuriosos

    25 Apr 2026

    2418 Impressions

    10 Retweets

    72 Likes

    32 Bookmarks

    1 Reply

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2025-24132 2 - CVE-2026-20963 3 - CVE-2023-50428 4 - CVE-2026-0023 5 - CVE-2024-21320 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Mar 2026

    175 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔎 Análisis forense de la explotación de CVE-2024-21320: abuso de Windows Themes para captura de NTLM, acceso remoto y persistencia Las vulnerabilidades que permiten la filtración de credenciales siguen siendo uno de los vectores más eficaces para comprometer entornos Wind

    @HackersCuriosos

    20 Mar 2026

    2153 Impressions

    13 Retweets

    38 Likes

    25 Bookmarks

    1 Reply

    0 Quotes

  4. Análisis forense de la explotación de CVE-2024-21320: abuso de Windows Themes para captura de NTLM, acceso remoto y persistencia https://t.co/Mw6shhxrUR #DFIR #DigitalForensics #CyberSecurity #IncidentResponse #WindowsForensics #ThreatHunting #ThreatIntelligence #BlueTeam #SOC

    @HackersCuriosos

    19 Mar 2026

    88 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  5. ⚠️ Another Free CVE Challenge: Windows Theme Spoofing We always try our best to prepare REAL-WORLD cases for you! CVE: CVE-2024-21320 Role: DFIR Difficulty: Hard https://t.co/LDCIrxJHoL

    @LetsDefendIO

    10 Jan 2025

    1773 Impressions

    5 Retweets

    14 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-21320

    @transilienceai

    6 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. ماکروسافت برای آسیب پذیری با کد شناسایی CVE-2024-21320 پچ لازم را منتشر نمود اما بعد از مدتی مشخص شد که این پچ نیز قابل دور زدن می باشد . برای همین پچ نیز که به نوعی آسیب پذیر بود کد شناسایی جدید CVE-2024-38030 را منتشر نمود و پچ جدید را ارائه کرد. https://t.co/Y2P1U3epiq https:/

    @AmirHossein_sec

    5 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Windows Themes Zero-Day Alert 🚨 🛠️ Unofficial patch out for a new Windows Themes bug that leaks NTLM credentials just by viewing malicious theme files ⚠️ Mitigate Now: Use 0patch or follow Microsoft’s NTLM blocking guidance (CVE-2024-21320) until an official fix is release

    @shaharia_munna

    31 Oct 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Windowsテーマにおけるゼロデイ脆弱性に対する非公式パッチを0patch社が提供。該当脆弱性はCVE未採番で、CVE-2024-21320を迂回可能なCVE-2024-38030のマイクロパッチを開発中だったACROS Security社が発見したもの。NTLM資格情報が窃取される可能性。 https://t.co/bLDX6xMvLU

    @__kokumoto

    30 Oct 2024

    924 Impressions

    9 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.CVE-2026-33829
  2. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-33827
  3. Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.CVE-2026-33826
  4. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  5. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.CVE-2026-33104

References

Sources include official advisories and independent security research.