1. CVE-Search
  2. CVE-2020-11541
ID CVE-2020-11541
Summary In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.
References
Vulnerable Configurations
  • cpe:2.3:a:techsmith:snagit:18.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:18.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:18.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:18.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:18.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:18.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:19.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:19.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:20.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:20.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:20.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:20.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:20.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:20.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:techsmith:snagit:20.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:20.0.3:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 14-05-2020 - 17:28)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History
Last major update 14-05-2020 - 17:28
Published 08-05-2020 - 14:15
Last modified 14-05-2020 - 17:28
Back to Top