CVE-2019-13382
HIGHSnagit 2019.1.2 - Privilege Escalation via Symbolic Link in InvalidPresentations
Title source: llmDescription
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349
Vendor Advisory x_refsource_confirm
https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History
Various Sources x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Scores
CVSS v3
7.8
EPSS
0.0156
EPSS Percentile
72.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
techsmith/snagit
2019.1.2
Published
Jul 26, 2019
Tracked Since
Feb 18, 2026