How to Fix CVE-2019-13382 Vulnerability in Snagit Old Versions



RECOMMENDED: Click here to fix Windows errors and optimize system performance

If you are using an older version of Techsmith Snagit, you should know that the “local privilege escalation through insecure file move” vulnerability exists in its Relay Classic Recorder. To fix the vulnerability, you must either update Snagit or disable the Techsmith Uploader.

This vulnerability has been identified in collaboration with Marcus Sailler, Rick Romo and Gary Muller from the Capital group security audit team.

Overview of the Vulnerability

Every 30 to 60 seconds, TechSmith’s upload service (UploaderService.exe) checks the “C:\ProgramData\TechSmith Recorder\QueuedPresentations” folder for the presence of presentation files in “*.xml” format. If an invalid file is found, the service moves this file as a SYSTEM to “C:\ProgramData\Techsmith\TechSmith Recorder\InvalidPresentations”.

Since a non-privileged user has full control of the QueuedPresentations and InvalidPresentations folders, it is possible to create an invalid presentation in the QueuedPresentations folder and then place a symbolic link for that filename in the InvalidPresentations folder that points to a privileged location.



Update:

We now recommend using this tool for your error. Additionally, this tool fixes common computer errors, protects you against file loss, malware, hardware failures and optimizes your PC for maximum performance. You can fix your PC problems quickly and prevent others from happening with this software:

  • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
  • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
  • Step 3 : Click “Repair All” to fix all issues.

download



When the service checks presentations, it moves the file from the QueuedPresentations folder to the InvalidPresentations folder. When it does so, the service encounters the symbolic link and writes the new file to a protected location with permissions that give the low-privileged user full control over the content, resulting in increased privileges in the NT AUTHORITY\SYSTEM.

Disabling the Techsmith Uploader Service

  • Execute the following command in the Run dialog box or in Windows Explorer
    • C:\Program files (x86)
  • Right click on the file “UnInstallAndRemoveUploader.cmd” and select “Run as administrator
  • The service will be stopped and deleted from your computer.

Note that the current version of Snagit 2020 is inflated with OCR and other unwanted features.

If you do not wish to upgrade Snagit, uninstalling the Techsmith Uploader service is the right way to protect your device.

https://support.techsmith.com/hc/en-us/articles/360031116571-Snagit-Windows-CVE-2019-13382



RECOMMENDED: Click here to troubleshoot Windows errors and optimize system performance