TechSmith Snagit for Windows prior to version 2022.0.2 and TechSmith Camtasia for Windows prior to 2021.0.16 were distributed with a version of Log4net vulnerable to CVE-2018-1275.
This is not related to the Log4j RCE vulnerabilities. This library was a dependency of older Google SDKs for Google Drive and YouTube outputs. Exploiting this vulnerability would require write access to the local file system which would allow a bad actor to engage in many other malicious actions on the target computer. There is no reason to believe this is remotely exploitable.
Users who are unable to upgrade to repaired versions can mitigate their risk by disabling the Google Drive and YouTube functionality within Snagit and Camtasia.
0 kommentar(er)
