Camtasia Studio Pre-generated SWF File csPreloader Parameter Unspecified Arbitrary Code Execution

Medium Nessus Plugin ID 29899


The remote Windows host contains an application that reportedly allows arbitrary code execution.


Camtasia Studio, an application for recording videos, is installed on the remote host.

The version of Camtasia Studio on the remote host reportedly generates Flash (SWF) files that themselves allow loading of an arbitrary Flash file via the 'csPreloader' parameter, which could lead to cross-site scripting attacks against a web server hosting vulnerable SWF files or even execution of arbitrary code on a user's system.


Upgrade to Camtasia Studio 5.0 or later, which reportedly resolves the issue, and regenerate SWF content. Note that upgrading by itself is not sufficient to resolve this issue.

Plugin Details

Severity: Medium

ID: 29899

File Name: camtasia_cspreloader_cmd_exec.nasl

Version: $Revision: 1.16 $

Type: local

Agent: windows

Family: Windows

Published: 2008/01/10

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-6061

BID: 27107

OSVDB: 40102

CERT: 249337

CWE: 79