Camtasia Studio Pre-generated SWF File csPreloader Parameter Unspecified Arbitrary Code Execution

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that reportedly allows
arbitrary code execution.

Description :

Camtasia Studio, an application for recording videos, is installed on
the remote host.

The version of Camtasia Studio on the remote host reportedly generates
Flash (SWF) files that themselves allow loading of an arbitrary Flash
file via the 'csPreloader' parameter, which could lead to cross-site
scripting attacks against a web server hosting vulnerable SWF files or
even execution of arbitrary code on a user's system.

See also :

http://docs.google.com/Doc?docid=ajfxntc4dmsq_14dt57ssdw
http://www.securityfocus.com/archive/1/485722

Solution :

Upgrade to Camtasia Studio 5.0 or later, which reportedly resolves
the issue, and regenerate SWF content. Note that upgrading by itself is
not sufficient to resolve this issue: SWF content must also be
regenerated with the upgraded version.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 29899 (camtasia_cspreloader_cmd_exec.nasl)

Bugtraq ID: 27107

CVE ID: CVE-2008-6061
