How to Fix CVE-2019-13382 Vulnerability in Snagit Old Versions



Updated November 2024: Stop getting error messages and slow down your system with our optimization tool. Get it now at this link
  1. Download and install the repair tool here.
  2. Let it scan your computer.
  3. The tool will then repair your computer.

If you are using an older version of Techsmith Snagit, you should know that the “local privilege escalation through insecure file move” vulnerability exists in its Relay Classic Recorder. To fix the vulnerability, you must either update Snagit or disable the Techsmith Uploader.

This vulnerability has been identified in collaboration with Marcus Sailler, Rick Romo and Gary Muller from the Capital group security audit team.

Overview of the Vulnerability

Every 30 to 60 seconds, TechSmith’s upload service (UploaderService.exe) checks the “C:\ProgramData\TechSmith Recorder\QueuedPresentations” folder for the presence of presentation files in “*.xml” format. If an invalid file is found, the service moves this file as a SYSTEM to “C:\ProgramData\Techsmith\TechSmith Recorder\InvalidPresentations”.

Since a non-privileged user has full control of the QueuedPresentations and InvalidPresentations folders, it is possible to create an invalid presentation in the QueuedPresentations folder and then place a symbolic link for that filename in the InvalidPresentations folder that points to a privileged location.

November 2024 Update:

You can now prevent PC problems by using this tool, such as protecting you against file loss and malware. Additionally, it is a great way to optimize your computer for maximum performance. The program fixes common errors that might occur on Windows systems with ease - no need for hours of troubleshooting when you have the perfect solution at your fingertips:

  • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
  • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
  • Step 3 : Click “Repair All” to fix all issues.

Download Now

When the service checks presentations, it moves the file from the QueuedPresentations folder to the InvalidPresentations folder. When it does so, the service encounters the symbolic link and writes the new file to a protected location with permissions that give the low-privileged user full control over the content, resulting in increased privileges in the NT AUTHORITY\SYSTEM.

Disabling the Techsmith Uploader Service

  • Execute the following command in the Run dialog box or in Windows Explorer
    • C:\Program files (x86)
  • Right click on the file “UnInstallAndRemoveUploader.cmd” and select “Run as administrator
  • The service will be stopped and deleted from your computer.

Note that the current version of Snagit 2020 is inflated with OCR and other unwanted features.

If you do not wish to upgrade Snagit, uninstalling the Techsmith Uploader service is the right way to protect your device.

https://support.techsmith.com/hc/en-us/articles/360031116571-Snagit-Windows-CVE-2019-13382



Expert Tip: This repair tool scans the repositories and replaces corrupt or missing files if none of these methods have worked. It works well in most cases where the problem is due to system corruption. This tool will also optimize your system to maximize performance. It can be downloaded by Clicking Here

Scroll to Top