Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6061

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6061
Last Modified 07 Mar 2011 10:15:39
Published 04 Feb 2009 08:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6061

Summary

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

Vulnerable Systems

Application

  • Techsmith Camtasia Studio 1.0

  • Techsmith Camtasia Studio 1.0.1

  • Techsmith Camtasia Studio 1.1

  • Techsmith Camtasia Studio 1.1.1

  • Techsmith Camtasia Studio 2.0

  • Techsmith Camtasia Studio 2.0.1

  • Techsmith Camtasia Studio 2.0.2

  • Techsmith Camtasia Studio 2.0.3

  • Techsmith Camtasia Studio 2.0.4

  • Techsmith Camtasia Studio 2.0.5

  • Techsmith Camtasia Studio 2.1.0

  • Techsmith Camtasia Studio 2.1.1

  • Techsmith Camtasia Studio 2.1.2

  • Techsmith Camtasia Studio 3.0.0

  • Techsmith Camtasia Studio 3.0.1

  • Techsmith Camtasia Studio 3.0.2

  • Techsmith Camtasia Studio 3.1.0

  • Techsmith Camtasia Studio 3.1.1

  • Techsmith Camtasia Studio 3.1.2

  • Techsmith Camtasia Studio 4.0.0

  • Techsmith Camtasia Studio 4.0.1

  • Techsmith Camtasia Studio 4.0.2


References

CERT-VN - VU#249337

VUPEN - ADV-2008-0066

BID - 27107

BUGTRAQ - 20080102 XSS Vulnerabilities in Common Shockwave Flash Files

SECUNIA - 28311

MISC - http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw


Last Updated: 27 May 2016 10:49:02