ScreenToGif DLL Sideloading Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A DLL sideloading vulnerability has been identified in ScreenToGif versions through 2.42.1. When the portable executable is executed from a user-writable directory, it improperly loads version.dll from the application directory instead of the Windows System32 directory. This flaw enables arbitrary code execution in the user's context. The vulnerability is particularly concerning because ScreenToGif is mainly distributed as a portable application meant to be run from user-writable locations.
Impact
Exploitation of this vulnerability allows for arbitrary code execution in the user's security context. The executed code can be stealthy, as the malicious DLL can forward application function calls, making it appear as though the application is functioning normally. Additionally, the malicious DLL can persist in the portable application directory.
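An added example (not from the advisory or the ScreenToGif project): a defender's check that lists DLLs sitting beside an executable whose names match a DLL in System32, which is the condition described above for version.dll. The function name and the directory layout in the demo are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_shadowing_dlls(app_dir, system_dir=None):
    """Return DLLs in app_dir that share a name with a DLL in system_dir.

    Only directories holding at least one .exe are considered, because the
    risk described above is a DLL placed beside the executable that loads it.
    """
    if system_dir is None:
        # Assumption: standard Windows layout; pass system_dir explicitly otherwise.
        system_dir = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    app_dir, system_dir = Path(app_dir), Path(system_dir)

    # Windows file names are case-insensitive, so compare lowercased names.
    system_names = {p.name.lower() for p in system_dir.iterdir()
                    if p.is_file() and p.suffix.lower() == ".dll"}
    files = [p for p in app_dir.iterdir() if p.is_file()]
    if not any(p.suffix.lower() == ".exe" for p in files):
        return []
    return sorted(p for p in files
                  if p.suffix.lower() == ".dll" and p.name.lower() in system_names)


if __name__ == "__main__":
    # Constructed layout standing in for System32 and a portable app folder.
    with tempfile.TemporaryDirectory() as root:
        system32 = Path(root, "System32"); system32.mkdir()
        portable = Path(root, "Downloads", "ScreenToGif"); portable.mkdir(parents=True)
        for name in ("version.dll", "kernel32.dll"):
            (system32 / name).touch()
        for name in ("ScreenToGif.exe", "version.dll", "plugin.dll"):
            (portable / name).touch()
        for hit in find_shadowing_dlls(portable, system32):
            print("shadows a system DLL:", hit)
```

A hit is a lead rather than a verdict: check the file's signature and hash against the copy in System32 before acting on it.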
