Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. The vulnerability was introduced in SnagIT Windows 12.4.1. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. ![]() UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. ![]() ![]() ** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.
0 Comments
Leave a Reply. |