module
Greenshot .NET Deserialization Fileformat Exploit
| Disclosed |
|---|
| Jul 26, 2023 |
Disclosed
Jul 26, 2023
Description
There exists a .NET deserialization vulnerability in Greenshot version 1.3.274
and below. The deserialization allows the execution of commands when a user opens
a Greenshot file. The commands execute under the same permissions as the Greenshot
service. Typically, is the logged in user.
and below. The deserialization allows the execution of commands when a user opens
a Greenshot file. The commands execute under the same permissions as the Greenshot
service. Typically, is the logged in user.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.