
If you’re using an old version of TechSmith Snagit, you should know that a ‘local privilege escalation through insecure file move’ vulnerability exists in its Relay Classic Recorder. To fix it, you need to either update Snagit or disable the TechSmith Uploader.
While the vulnerability, CVE-2019-13382, was acknowledged and fixed by TechSmith in 2019, we came to know about it only recently through an update notification from “Snagit 13.1.5”, which is also affected.
Here are the vulnerability details:
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
You have two options: update Snagit to one of the following versions, or disable the TechSmith Uploader Service. If you prefer the latter, follow the steps given below.
- Snagit 2019.1.3 (or later)
- Snagit 2018.2.4
- Snagit 13.1.7
You can download old versions of Techsmith products such as Camtasia and Snagit from here.
Disabling Techsmith Uploader Service
1. Enter the following path in the Run dialog or the Windows Explorer address bar:
C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader
2. Right-click the “UnInstallAndRemoveUploader.cmd” file and select Run as Administrator.
3. The service will be stopped and removed from your computer.
It’s worth noting that the current Snagit 2020 version is bloated with OCR and other unwanted features.
If you don’t want to update Snagit, uninstalling the TechSmith Uploader Service is the right thing to do to protect your device.
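To confirm whether a machine still exposes the service, the following PowerShell audit lists any service running from the Uploader folder and reports the state of the two folders named in the CVE description. It is an added example, not TechSmith's code or part of the original article; matching the service by its binary path and the set of low-privilege SIDs checked are assumptions.

```powershell
# Added example. Paths are the ones quoted in the article; matching the service by
# binary path and the low-privilege SID list below are assumptions of this sketch.
$uploaderDir = 'C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader'
$recorderDir = Join-Path $env:ProgramData 'TechSmith\TechSmith Recorder'
$folders     = 'QueuedPresentations', 'InvalidPresentations'

# Well-known SIDs: Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'
$rights      = [System.Security.AccessControl.FileSystemRights]
$writeBits   = [int]$rights::CreateFiles -bor [int]$rights::AppendData

# 1. Services whose binary sits in the Uploader folder (independent of service name).
#    No output here means the uploader service is not installed.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$uploaderDir\*" } |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName

# 2. For each folder from the CVE text: does it exist, is it a link or junction,
#    and which low-privilege groups are allowed to create or append files in it?
foreach ($name in $folders) {
    $path = Join-Path $recorderDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Folder = $path; Exists = $false; IsLink = $null; LowPrivWriters = $null }
        continue
    }
    $item  = Get-Item -LiteralPath $path -Force
    $sid   = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sid)
    $writers = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPrivSids -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights -band $writeBits) -ne 0)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    [pscustomobject]@{
        Folder         = $path
        Exists         = $true
        IsLink         = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        LowPrivWriters = $writers -join ', '
    }
}
```

After running UnInstallAndRemoveUploader.cmd, the first query should return nothing; a folder reported with `IsLink = True` deserves a closer look before it is deleted.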
I hope Snagit 2021 will remove all the bloat, OCR and other unwanted features from 2020.