New Vulnerability detected through Microsoft Defender

[chewgun]

Hello,

We just saw today (as we installed Greenshot), a vulnerability about Pippo.

Severity level is critical

Summary: Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

Impact: If a threat were to exploit this vulnerability, they could execute arbitrary code on the system, potentially leading to unauthorized access, data breaches, and further compromise of the affected system.

Remediation: Upgrade to Pippo version 1.11.1 or later.

More Details can be found here:
https://nvd.nist.gov/vuln/detail/CVE-2018-18240
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

[awvtti]

We also encountered this today.

[awvtti]

It seem the Pippo we have is part of the app Greenshot. Greenshot has not been updated since 2017.

[Lakritzator]

Greenshot is a .NET application and doesn't use Java or Pippo, this can only be a false positive from defender.

[jklingen]

JFYI it has been brought to our attention that

Microsoft added the Pippo inaccuracy to the list of updated vulnerabilities.
Vulnerability support in Microsoft Defender Vulnerability Management - Microsoft Defender Vulnerability Management

I hope that the Defender alerts will disappear as a result.