CVE Vulnerability

CVE-2019-13382

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%TechSmithTechSmith RecorderQueuedPresentations and then creating a symbolic link in %PROGRAMDATA%TechsmithTechSmith RecorderInvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History Vendor Advisory
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349 Exploit Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Configurations

Configuration 1
Information

Published : 2019-07-26 01:15

Updated : 2020-08-24 05:37

NVD link : CVE-2019-13382

Mitre link : CVE-2019-13382

Products Affected

Snagit

Techsmith

CWE
CWE-59