CVSS: 7.8EPSS: 92%CPEs: 1EXPL: 3CVE-2023-34634 – GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-34634
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened. Greenshot 1.2.10 y versiones anteriores permiten la ejecución de código arbitrario porque el contenido .NET se deserializa de forma insegura cuando se abre un archivo .greenshot. There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. • https://www.exploit-db.com/exploits/51633 https://github.com/radman404/CVE-2023-34634 http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html http://packetstormsecurity.com/files/174222/Greenshot-1.3.274-Deserialization-Command-Execution.html https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c https://greenshot.atlassian.net/browse/BUG-3061 - •