This vulnerability allows arbitrary code execution in the user’s context by exploiting DLL sideloading when ScreenToGif runs from a user‑writable directory. The executable loads a malicious version.dll from the application directory instead of the Windows System32 directory, permitting an attacker to run arbitrary code with the privileges of the current user. This is a local exploitation that can lead to full compromise of the user account, affecting confidentiality, integrity, and availability of the system.

The issue affects ScreenToGif versions 2.42.1 and earlier distributed by NickeManarin. The software is typically used as a portable application and is commonly placed in directories writable by users. No specific operating system versions are listed, but the vulnerability is present on any Windows environment where the application runs from a writable path.

The CVSS base score is 7.8, indicating a high severity, while the EPSS score is below 1%, suggesting a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local: an attacker must place a malicious version.dll in the application’s directory to trigger the exploit. However, because many users run the portable executable from personal folders, the risk to individual installations remains significant once the issue is publicized. Currently, no patch exists, so the risk is mitigated only by preventing execution from untrusted directories or waiting for a vendor fix.