You’ve two options: update Snagit to the following versions or disable Techsmith Uploader Service, if you prefer the latter, follow the steps given below. The vulnerability was introduced in SnagIT Windows 12.4.1. Evaluation Scope The accessibility evaluation for this VPAT encompassed the following workflow of TechSmith Relay Recorder: 1. Create and share images and videos for better training, tutorials, lessons, and everyday communication with Snagit and Camtasia. TechSmith Relay Recorder's compliance with Section 508 of the United States' Rehabilitation Act, and to provide recommendations for remediation.
TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. TechSmith is the 1 global provider of screen capture and screen recording software. UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. While the vulnerability CVE-2019-13382 has been acknowledged and fixed by Techsmith in the last year 2019, we came to know about it through update notification from “Snagit 13.1.5” recently, which is also affected. To fix the vulnerability, either you need to update Snagit or disable Techsmith Uploader. Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.If you’re using an old version of Techsmith Snagit, you should know ‘local privilege escalation through insecure file move’ vulnerability exists in its Relay Classic Recorder.
TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. Need to locate recording files created by Either the Knowmia (formerly TechSmith Relay) Classic Recorder or the TechSmith Capture. In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.
0 kommentar(er)
