5 matches found
CVE-2019-13382
The CVE describes a local privilege escalation in SnagIT. UploaderService in SnagIT 2019.1.2 allows an attacker to elevate privileges by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsm...
CVE-2010-3130
Snagit DLL preloading vulnerability (CVE-2010-3130) affects TechSmith Snagit 10.x and 11.x. A malicious dwmapi.dll located in the same folder as a snag, snagcc, or snagprof file can be loaded, enabling arbitrary code execution via DLL hijacking when a user opens a crafted Snagit file from an atta...
CVE-2020-11541
TechSmith SnagIt 11.2.1–20.0.3 contains an XML External Entity (XXE) injection vulnerability. The issue may allow a local attacker to exfiltrate data with the local Administrator account. Affected component/behavior: XML processing leading to unauthenticated read of local data. The connected docu...
CVE-2020-18171
CVE-2020-18171 affects TechSmith Snagit 19.1.0.2653. The issue arises from the software’s use of Object Linking and Embedding (OLE), which can be abused to obfuscate and embed crafted files to escalate privileges. The connected documents do not provide explicit exploit details or a confirmed patc...
CVE-2020-18169
TechSmith Snagit version 19.1.1.2860 is affected by a privilege-escalation issue in the Windows installer XML (WiX) toolset. The vulnerability is described as enabling elevation of privileges via the Snagit installer, with the caveat that exploitation requires the user to bypass other OS safety m...