Mariorl0

**Name of the Vulnerable Software and Affected Versions** Greenshot versions 1.3.312 and below **Description** Greenshot is a Windows screenshot utility. Versions 1.3.312 and below contain an untrusted executable search path/binary hijacking issue. A local attacker can execute arbitrary code when the application launches `explorer.exe` without using an absolute path. The issue is triggered when a user double-clicks the application’s tray icon, opening the directory containing the most recent screenshot. An attacker can place a malicious executable with the same name in a location searched before the legitimate Windows binary, gaining code execution in the application’s context. **Recommendations** Versions prior to 1.3.312 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Notepad++ versions prior to 8.9.2 **Description** Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue (CWE-426) exists when launching Windows Explorer without an absolute executable path. This could allow execution of a malicious `explorer.exe` if an attacker can control the process working directory. Under certain conditions, this could lead to arbitrary code execution in the context of the running application. The vulnerability was exploited in attacks where malicious actors targeted the update mechanism to distribute malware, such as Chrysalis. The update mechanism now verifies file signatures and XML file signatures from update servers to prevent data tampering and malicious DLL loading. **Recommendations** Update Notepad++ to version 8.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** SumatraPDF versions prior to 3.5.3 **Description** SumatraPDF, a multi-format reader for Windows, allows execution of a malicious binary, specifically `explorer.exe`, located in the same directory as an opened PDF file. This occurs when a user clicks File → “Show in folder”. This behavior can lead to arbitrary code execution on the victim’s system with the privileges of the current user, requiring only a menu click for exploitation. **Recommendations** Update SumatraPDF to version 3.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** SumatraPDF versions 3.5.2 and earlier **Description** SumatraPDF is a multi-format reader for Windows. A flaw exists due to an Untrusted Search Path when the Advanced Options setting is triggered. The application executes `notepad.exe` without specifying an absolute path when using the Advanced Options setting. This allows execution of a malicious `notepad.exe` placed in the application's installation directory, potentially leading to arbitrary code execution. **Recommendations** Versions prior to 3.5.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.