Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
Vulnerability Description
Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute path. The vulnerable behavior is triggered when the user double-clicks the application’s tray icon, which opens the directory containing the most recent screenshot captured by the application. By placing a malicious executable with the same name in a location searched prior to the legitimate Windows binary, an attacker can gain code execution in the context of the application. This issue did not have a patch at the time of publication.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
GreenShot 代码问题漏洞
Vulnerability Description
GreenShot是GreenShot公司的一款适用于 Windows 的轻量级屏幕截图软件工具。 Greenshot 1.3.312及之前版本存在代码问题漏洞,该漏洞源于不受信任的可执行文件搜索路径,可能导致本地攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A