Description
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing any local process at the same integrity level to trigger arbitrary code execution inside the Greenshot process. The vulnerable logic resides in the WinForms WndProc handler for WM_COPYDATA (message 74), which copies the supplied bytes into a MemoryStream, invokes BinaryFormatter.Deserialize, and only afterwards checks whether the specified channel is authorized. Because the authorization check occurs after deserialization, any gadget chain embedded in the serialized payload executes regardless of channel membership. An attacker who can send a WM_COPYDATA message to the main window can achieve in-process execution, which may aid evasion of application control policies by running payloads within the trusted, signed Greenshot.exe. This issue is fixed in version 1.3.301. No known workarounds exist.
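The ordering flaw described above, shown as a constructed C# WinForms illustration (not Greenshot's code and not the project's actual fix): the vulnerable deserialize-then-check sequence is kept as a comment beside a hardened handler that rejects the message before touching the payload and avoids BinaryFormatter entirely. The channel tag, size bound, and OnCommandText handler are assumptions for the example.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;

// Constructed illustration of the ordering flaw described above; not Greenshot's code.
public class CopyDataReceiver : Form
{
    private const int WM_COPYDATA = 0x004A;     // message 74
    private const int MaxPayloadBytes = 4096;   // hypothetical bound on accepted data

    [StructLayout(LayoutKind.Sequential)]
    private struct COPYDATASTRUCT
    {
        public IntPtr dwData;   // sender-chosen tag; treated here as the "channel" (assumption)
        public int cbData;      // byte count of lpData
        public IntPtr lpData;   // pointer to the sender's bytes
    }

    // Hypothetical channel check. A tag the sender picks is not authentication:
    // any same-integrity process can still deliver the message, so the real
    // defence is what the handler does with the bytes, not this check alone.
    private static bool IsAuthorizedChannel(IntPtr channel) => channel == (IntPtr)1;

    protected override void WndProc(ref Message m)
    {
        if (m.Msg != WM_COPYDATA) { base.WndProc(ref m); return; }

        var cds = Marshal.PtrToStructure<COPYDATASTRUCT>(m.LParam);

        // VULNERABLE ORDER (the pattern the advisory describes): deserialize first,
        // check afterwards, so any gadget chain runs before the check can reject it:
        //   var payload = new BinaryFormatter().Deserialize(new MemoryStream(bytes));
        //   if (!IsAuthorizedChannel(cds.dwData)) return;

        // HARDENED ORDER: reject before reading the payload, bound its size, and never
        // hand untrusted bytes to BinaryFormatter; parse a fixed, non-polymorphic format.
        if (!IsAuthorizedChannel(cds.dwData) || cds.cbData < 0 || cds.cbData > MaxPayloadBytes)
        {
            m.Result = IntPtr.Zero;   // report "not handled" to the sender
            return;
        }
        var bytes = new byte[cds.cbData];
        Marshal.Copy(cds.lpData, bytes, 0, cds.cbData);
        string text = new UTF8Encoding(false, true).GetString(bytes); // throws on invalid UTF-8
        OnCommandText(text);
        m.Result = (IntPtr)1;
    }

    // Application-specific handling of the already-validated text (hypothetical).
    protected virtual void OnCommandText(string text) => Text = text;
}
```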
https://github.com/greenshot/greenshot/commit/f5a29a2ed3b0eb49231c0f4618300f488cf1b04d
https://github.com/greenshot/greenshot/security/advisories/GHSA-8f7f-x7ww-xx5w