If you are using an older version of TechSmith Snagit, be aware that its Relay Classic Recorder contains a “local privilege escalation through insecure file move” vulnerability. To fix the vulnerability, you must either update Snagit or disable the TechSmith Uploader.
This vulnerability was identified in collaboration with Marcus Sailler, Rick Romo and Gary Muller from the Capital Group security audit team.
Overview of the Vulnerability
Every 30 to 60 seconds, TechSmith’s upload service (UploaderService.exe) checks the “C:\ProgramData\TechSmith Recorder\QueuedPresentations” folder for presentation files in “*.xml” format. If an invalid file is found, the service, running as SYSTEM, moves this file to “C:\ProgramData\Techsmith\TechSmith Recorder\InvalidPresentations”.
Since a non-privileged user has full control of the QueuedPresentations and InvalidPresentations folders, it is possible to create an invalid presentation in the QueuedPresentations folder and then place a symbolic link for that filename in the InvalidPresentations folder that points to a privileged location.
When the service checks presentations, it moves the file from the QueuedPresentations folder to the InvalidPresentations folder. When it does so, the service encounters the symbolic link and writes the new file to a protected location with permissions that give the low-privileged user full control over the content, resulting in privilege escalation to NT AUTHORITY\SYSTEM.
Disabling the TechSmith Uploader Service
- Execute the following command in the Run dialog box or in Windows Explorer:
- C:\Program files (x86)
- Right-click on the file “UnInstallAndRemoveUploader.cmd” and select “Run as administrator”.
- The service will be stopped and deleted from your computer.
Note that the current version of Snagit 2020 is bloated with OCR and other unwanted features.
If you do not wish to upgrade Snagit, uninstalling the TechSmith Uploader service is the right way to protect your device.
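To check whether a machine still has the conditions described in the overview, the following PowerShell audit is an added example, not code from TechSmith or from the original article. It assumes the two folder paths and the UploaderService.exe binary name exactly as written above, and treats SYSTEM, Administrators and TrustedInstaller as the only principals expected to have write access.

```powershell
# Added example (not TechSmith code). Folder paths and the service binary name
# are copied from the article text; adjust them if the install differs.
$Folders = @(
    'C:\ProgramData\TechSmith Recorder\QueuedPresentations',
    'C:\ProgramData\Techsmith\TechSmith Recorder\InvalidPresentations'
)
# Assumption: SIDs expected to have write access
# (SYSTEM, Administrators, TrustedInstaller).
$Trusted = @(
    'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# WriteData | AppendData | GENERIC_ALL | GENERIC_WRITE
$WriteMask   = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# 1. Is the uploader service still registered?
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*UploaderService.exe*' }
if ($svc) {
    $svc | Select-Object Name, State, StartMode, StartName, PathName
} else {
    'No service running UploaderService.exe is registered.'
}

foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder)) { "Not present: $folder"; continue }

    # 2. Allow ACEs that let a non-trusted principal create files in this folder.
    $rules = (Get-Acl -LiteralPath $folder).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $Trusted -and
            -not ($ace.PropagationFlags -band $InheritOnly) -and
            ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{ Folder = $folder; Sid = $sid; Rights = $ace.FileSystemRights }
        }
    }

    # 3. Links or junctions already sitting in the folder deserve a closer look.
    Get-ChildItem -LiteralPath $folder -Force |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
        Select-Object FullName, LinkType, Target
}
```

A machine where the service is gone and neither folder reports a non-trusted SID with write rights no longer has the conditions the overview describes.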