cbcvebase.

Techsmith Snagit vulnerabilities

4 known vulnerabilities affecting techsmith/snagit.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2010-3130P3CRITICALCVSS 9.3PoCv10.0.02010-08-26
CVE-2010-3130 [CRITICAL] CVE-2010-3130: Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local user Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
nvd
CVE-2020-18171P3HIGHCVSS 8.8v19.1.0.26532021-07-26
CVE-2020-18171 [HIGH] CWE-269 CVE-2020-18171: TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to ob TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details.
nvd
CVE-2020-18169P3HIGHCVSS 7.8v19.1.1.28602021-07-26
CVE-2020-18169 [HIGH] CWE-269 CVE-2020-18169: A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows at A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.
nvd
CVE-2020-11541P4MEDIUMCVSS 5.5≥ 11.2.1, ≤ 20.0.32020-05-08
CVE-2020-11541 [MEDIUM] CWE-611 CVE-2020-11541: In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.
nvd
Techsmith Snagit vulnerabilities | cvebase