CVE-2023-34634

HIGH

Greenshot < 1.2.10.6 - Remote Code Execution via Insecure .NET Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-34634. PoCs published by p4r4bellum, radman404, p4r4bellum, bwatters-r7, including Metasploit module exploits/windows/fileformat/greenshot_deserialize_cve_2023_34634.

AI-analyzed exploit summary This PowerShell script exploits an insecure deserialization vulnerability in GreenShot 1.2.10 and below by crafting a malicious *.greenshot file. It embeds a serialized payload (generated via ysoserial.net) into a PNG file, which triggers arbitrary code execution when opened.

Description

Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.

Exploits (3)

exploitdb WORKING POC
by p4r4bellum · powershelllocalwindows
https://www.exploit-db.com/exploits/51633

This PowerShell script exploits an insecure deserialization vulnerability in GreenShot 1.2.10 and below by crafting a malicious *.greenshot file. It embeds a serialized payload (generated via ysoserial.net) into a PNG file, which triggers arbitrary code execution when opened.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GreenShot 1.2.10 and below
No auth needed
Prerequisites: ysoserial.net installed · GreenShot installed with default file association
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by radman404 · poc
https://github.com/radman404/CVE-2023-34634

This PoC exploits CVE-2023-34634 by crafting a malicious Greenshot image file with an embedded ysoserial payload. The payload is appended to a PNG file, which, when processed by vulnerable software, triggers deserialization leading to arbitrary command execution (e.g., calc.exe).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Greenshot (version not specified in PoC)
No auth needed
Prerequisites: ysoserial.exe · Consolas font file · vulnerable Greenshot installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by p4r4bellum, bwatters-r7 · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/greenshot_deserialize_cve_2023_34634.rb

This Metasploit module exploits a .NET deserialization vulnerability in Greenshot (CVE-2023-34634) by embedding a malicious payload in a Greenshot file. When opened, it executes arbitrary commands with the privileges of the user running Greenshot.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Greenshot <= 1.3.274
No auth needed
Prerequisites: A valid PNG file to embed the payload · User interaction to open the malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.8
EPSS 0.0769
EPSS Percentile 93.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (1)
getgreenshot/greenshot < 1.2.10.6
Published Aug 01, 2023
Tracked Since Feb 18, 2026