CVE-2020-18169

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TechSmith Snagit version 19.1.1.2860

Description: A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit allows attackers to escalate privileges. The exploitation of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS.

Recommendations: For TechSmith Snagit version 19.1.1.2860, consider updating to a newer version that addresses the issue, as the current version allows privilege escalation through the Windows installer XML (WiX) toolset. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2020-18169

Affected Products

Techsmith Snagit

Wix

Windows

CVE-2020-18169

Weakness Enumeration

Related Identifiers

Affected Products

References · 8