Privilege Escalation via Obfuscated OLE Files in TechSmith Snagit 19.1.0.2653

Privilege Escalation via Obfuscated OLE Files in TechSmith Snagit 19.1.0.2653

CVE-2020-18171 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details

Learn more about our Web Application Penetration Testing UK.