Published: 05/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio prior to 5 allows remote malicious users to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
techsmith camtasia studio 3.1.1
techsmith camtasia studio 3.1.0
techsmith camtasia studio 2.0.5
techsmith camtasia studio 2.0.4
techsmith camtasia studio 1.0.1
techsmith camtasia studio 1.0
techsmith camtasia studio 4.0.1
techsmith camtasia studio 3.0.0
techsmith camtasia studio 2.1.2
techsmith camtasia studio 2.0.1
techsmith camtasia studio 2.0
techsmith camtasia studio 3.0.2
techsmith camtasia studio 3.0.1
techsmith camtasia studio 2.0.3
techsmith camtasia studio 2.0.2
techsmith camtasia studio
techsmith camtasia studio 4.0.0
techsmith camtasia studio 3.1.2
techsmith camtasia studio 2.1.1
techsmith camtasia studio 2.1.0
techsmith camtasia studio 1.1.1
techsmith camtasia studio 1.1

source: wwwsecurityfocuscom/bid/27107/info Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible NOTE: This vulnerabilit ...

CWE-79 http://www.kb.cert.org/vuls/id/249337 http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw http://secunia.com/advisories/28311 http://www.securityfocus.com/bid/27107 http://www.vupen.com/english/advisories/2008/0066 http://www.securityfocus.com/archive/1/485722/100/100/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30972/

CVE-2008-6061

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect