A critical security flaw has been identified in Greenshot version 1.3.300 and earlier, which could allow local attackers to execute arbitrary code through malicious WM_COPYDATA messages. Users are urged to upgrade to version 1.3.301 immediately to mitigate the risk of exploitation. #Greenshot #BinaryFormatter #WM_COPYDATA
Keypoints
- A vulnerability exists in Greenshotβs handling of incoming Windows messages, specifically WM_COPYDATA.
- The flaw allows attackers to send malicious data that triggers arbitrary code execution within Greenshot.
- The vulnerability stems from unsafe deserialization using BinaryFormatter without verifying data sources.
- Attackers can bypass internal security checks by executing code before authorization occurs.
- Updating to Greenshot version 1.3.301 is recommended to patch this security flaw.
Read More: https://thecyberexpress.com/greenshot-vulnerability/