CVE-2019-13382

Published: Jul 26, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.

Affected (1)

Products: Techsmith: Snagit

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Techsmith Snagit	Version 2019.1.2

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349

Source: cve@mitre.org

ExploitThird Party Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

Source: cve@mitre.org

https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History

Source: cve@mitre.org

Vendor Advisory

https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.