![]() ![]() There is no reason to believe this is remotely exploitable. Exploiting this vulnerability would require write access to the local file system which would allow a bad actor to engage in many other malicious actions on the target computer. This library was a dependency of older Google SDKs for Google Drive and YouTube outputs. This is not related to the Log4j RCE vulnerabilities. TechSmith Snagit for Windows prior to version 2022.0.2 and TechSmith Camtasia for Windows prior to 2021.0.16 were distributed with a version of Log4net vulnerable to CVE-2018-1275. Use of Log4net in TechSmith Snagit and TechSmith Camtasia Coach's Eye and - Does not currently use Log4j However, versions of Coach's Eye Android released prior to 2020 may contain Log4j.TechSmith Assets for Camtasia / Snagit - Does not use Log4j.TechSmith Camtasia - Does not use Log4j.We were not anticipating finding any use of Log4j, but we investigated our source code repositories and library manifests to verify TechSmith’s software and services do not make use of or distribute the Log4j library. Apart from our Android-based solutions, TechSmith does not leverage Java for software we create. Log4j is a logging utility for Java-based software. TechSmith’s Created Software and Services TechSmith’s Security Team first became aware of the Log4j Remote Code Execution (RCE) vulnerability on December 10th, 2021, and immediately began an investigation.
0 Comments
Leave a Reply. |