Fix CVE-2019-13382 Vulnerability in Snagit Old Versions

1 Comment

If you’re using an old version of Techsmith Snagit, you should know ‘local privilege escalation through insecure file move’ vulnerability exists in its Relay Classic Recorder. To fix the vulnerability, either you need to update Snagit or disable Techsmith Uploader.

While the vulnerability CVE-2019-13382 has been acknowledged and fixed by Techsmith in the last year 2019, we came to know about it through update notification from “Snagit 13.1.5” recently, which is also affected.

Snagit 13.1.7 update notification informing vulnerability details

Here are the vulnerability details

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%TechSmithTechSmith RecorderQueuedPresentations and then creating a symbolic link in %PROGRAMDATA%TechsmithTechSmith RecorderInvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.

You’ve two options: update Snagit to the following versions or disable Techsmith Uploader Service, if you prefer the latter, follow the steps given below.

  • Snagit 2019.1.3 (or later)
  • Snagit 2018.2.4
  • Snagit 13.1.7

You can download old versions of Techsmith products such as Camtasia and Snagit from here.

Disabling Techsmith Uploader Service

1. Run the following command in Run dialog or Windows Explorer

C:Program Files (x86)Common FilesTechSmith SharedUploader

2. Right-click on “UnInstallAndRemoveUploader.cmd” file and select Run as Administrator

UninstallandRemoveUploader.cmd file

3. The service will be stopped and removed from your computer.

It’s worth noting that the current Snagit 2020 version is bloated with OCR  and other unwanted features.

If you don’t want to update Snagit, Uninstalling Techsmith Uploader Service is the right thing to do to protect your device.

Related articles:

How to download Snagit or Camtasia older version?

How to uninstall and remove TechSmith Uploader Service?

How to backup and restore captures in the Snagit library?

Snagit 13.0.2 lets you Override other hotkey assignments

Snagit 13: Get OneClick Interface Back

Venkat Eswarlu
Venkat Eswarlu

Venkat is an independent technology journalist and the founder of Techdows. He has been covering web browsers, Windows, and software news since 2009. His exclusive scoops on Chrome, Firefox, and Edge features have been cited by Forbes, TechCrunch, Wired, CNET, and other major publications.

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *