Camtasia (Windows): DLL Preloading Vulnerability

Date Issued
September 21st, 2010

Advisory Status
Open (TechSmith is currently working on a fix for this issue)

Affected Software and Components
Camtasia Studio 6 & 7

Vulnerability Description 

TechSmith is aware that research has been published dealing with "DLL preloading" vulnerabilities in Camtasia Studio as well as many other products from other vendors.

The vulnerability requires that an attacker convince the victim to open a file using Camtasia Studio (.CMMP, .CAMREC files) from a remote attacker-controlled network location such as an SMB or WebDAV share. When the vulnerable application launches and opens the file, the application will load the attacker-provided Dynamic Link Library (DLL) from the same network location as the file which may lead to arbitrary code execution at the same privilege level as the user.

Solution

This has been solved in Camtasia Studio 7.1.1.

Workarounds or Mitigations

If you are unable to update to Camtasia Studio 7.1.1 Microsoft has provided a FixIt tool that can be used to prevent applications from loading DLLs from WebDAV and SMB locations. This workaround is described in the Microsoft Knowledge Base article titled "A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm".

Administrators can also protect their Camtasia Studio and Snagit users by adding perimeter firewall users to prevent systems from making outbound SMB or WebDAV connections, as described in the Microsoft Security Research & Defense Blog More information about the DLL Preloading remote attack vector post.

Was this article helpful?
0 out of 1 found this helpful