CVE-2020-18171

Опубликовано: 26 июл. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details

Ссылки

https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/edit?usp=sharing
Third Party Advisory
https://github.com/GitHubAssessments/CVE_Assessment_06_2019/blob/master/Snagit_Review.pdf
Exploit
Third Party Advisory
https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/edit?usp=sharing
Third Party Advisory
https://github.com/GitHubAssessments/CVE_Assessment_06_2019/blob/master/Snagit_Review.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:techsmith:snagit:19.1.0.2653:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-3rh8-vm3g-5r4x