Full title: Greenshot 1.3.274 Deserialization / Command Execution Exploit 
Category: remote exploits
Platform: windows
There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user.

# 0day.today @ http://0day.today/