Camtasia Studio Pre-generated SWF File csPreloader Parameter Unspecified Arbitrary Code Execution
Medium Nessus Plugin ID 29899
Synopsis
The remote Windows host contains an application that reportedly allows arbitrary code execution.
Description
Camtasia Studio, an application for recording videos, is installed on the remote host.
The version of Camtasia Studio on the remote host reportedly generates Flash (SWF) files that themselves allow loading of an arbitrary Flash file via the 'csPreloader' parameter, which could lead to cross-site scripting attacks against a web server hosting vulnerable SWF files or even execution of arbitrary code on a user's system.
Solution
Upgrade to Camtasia Studio 5.0 or later, which reportedly resolves the issue, and regenerate SWF content. Note that upgrading by itself is not sufficient to resolve this issue.
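Because upgrading alone does not fix SWF files that are already published, the following added example (not part of the plugin or of any vendor tooling) inventories a web root for SWF files that mention the 'csPreloader' parameter, so they can be queued for regeneration. It assumes the parameter name appears as a literal string in the SWF body; a match marks a candidate, not a confirmed vulnerable file, and all function names and sample files are constructed for illustration.

```python
import tempfile
import zlib
from pathlib import Path

MARKER = b"csPreloader"  # parameter name taken from the advisory text

def classify(data):
    """Return 'references', 'no-reference' or 'unchecked' for one file's bytes."""
    if len(data) < 8:
        return "unchecked"
    if data[:3] == b"FWS":            # uncompressed SWF: body follows 8-byte header
        body = data[8:]
    elif data[:3] == b"CWS":          # zlib-compressed body: a raw grep would miss it
        try:
            body = zlib.decompress(data[8:])
        except zlib.error:
            return "unchecked"        # truncated or corrupt: review by hand
    else:
        return "unchecked"            # ZWS (LZMA) or not a SWF at all
    return "references" if MARKER in body else "no-reference"

def scan(root):
    """Map every .swf under root (path relative to root) to its classification."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".swf":
            results[str(path.relative_to(root))] = classify(path.read_bytes())
    return results

def make_sample(body, compressed):  # constructed input: SWF header plus body
    head = b"\x08" + (8 + len(body)).to_bytes(4, "little")
    return b"CWS" + head + zlib.compress(body) if compressed else b"FWS" + head + body

def demo():
    samples = {  # constructed files standing in for a web root
        "plain.swf": make_sample(b"\x00csPreloader\x00", False),
        "packed.swf": make_sample(b"\x00csPreloader\x00", True),
        "other.swf": make_sample(b"\x00unrelated\x00", True),
        "broken.swf": b"CWS\x08\x10\x00\x00\x00not-zlib",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:13} {path}")
```

Files reported as "unchecked" could not be parsed and should be reviewed manually rather than treated as clean.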