CVE-2008-6061

Name of the Vulnerable Software and Affected Versions Techsmith Camtasia Studio versions prior to 5

Description A cross-site scripting (XSS) issue exists in ActionScript within arbitrary Shockwave Flash (SWF) controller files created by the software. This allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

Recommendations For versions prior to 5, update to version 5 or later to resolve the issue. As a temporary workaround, consider restricting access to the csPreloader parameter to minimize the risk of exploitation.