Home / os / wince

Greenshot 1.3.274 Deserialization / Command Execution

Posted on 19 August 2023

There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user.

 

TOP