CVE-2008-6061 – Camtasia Studio 4.0.2 - 'csPreloader' Remote Code Execution

https://notcve.org/view.php?id=CVE-2008-6061

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ActionScript en controlador de ficheros de su elección Shockwave Flash (SWF) creado por Techsmith Camtasia Studio versiones anteriores a v5 permite a atacantes remotos inyectar contenidos SWF adicionales de su elección a través de una URL en el parámetro csPreloader. • https://www.exploit-db.com/exploits/30972 http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw http://secunia.com/advisories/28311 http://www.kb.cert.org/vuls/id/249337 http://www.securityfocus.com/archive/1/485722/100/100/threaded http://www.securityfocus.com/bid/27107 http://www.vupen.com/english/advisories/2008/0066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •