![]() Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. The uninstaller supports all versions of Knowmia (formerly TechSmith Relay) Classic Recorder on OSX 10.10, 10.11, 10.12, and 10.13. The vulnerability was introduced in SnagIT Windows 12.4.1. The vulnerability was introduced in SnagIT Windows 12.4.1. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. ![]() UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. Switch between speaker webcam and your screen or presentation. In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. Record a MP4 video of your screen, presentation slides, and optional webcam video. ![]()
0 Comments
Leave a Reply. |