Ripfran

**Name of the Vulnerable Software and Affected Versions** Greenshot versions prior to 1.3.301 **Description** Greenshot is a Windows screenshot utility. Versions prior to 1.3.301 deserialize attacker-controlled data received in a WM COPYDATA message using `BinaryFormatter.Deserialize` without prior validation or authentication. This allows a local process at the same integrity level to trigger arbitrary code execution inside the Greenshot process. The vulnerable logic is located in a WinForms WndProc handler for the WM COPYDATA message (message 74), which copies supplied bytes into a `MemoryStream` and invokes `BinaryFormatter.Deserialize`, with authorization checks occurring after deserialization. This allows any gadget chain embedded in the serialized payload to execute regardless of channel membership. A local attacker who can send a WM COPYDATA message to the Greenshot main window can achieve in-process code execution. **Recommendations** Update to Greenshot version 1.3.301 or later.