Security vulnerability detected in "Camtasia Studio"
November 30, 2009
Michael Schmidt, Security Analyst at Compass, analysed a Flash application
created with the software "Camtasia Studio" by TechSmith. In doing so he
detected a security vulnerability that enables Cross-Site Scripting (XSS). Compass promptly informed the
manufacturer so that the vulnerability could be remediated. The patch is now available.
Problem recognised
Michael Schmidt of Compass was tasked with analysing Flash videos on a customer website that had been
generated with "Camtasia Studio" and checking whether they were safe. The security
analysis pinpointed the weaknesses. By making use of them, the specialist managed to perform
various manipulations: he was able to modify text in the Flash video, execute JavaScript code in
the context of the website, and redirect the user to various URLs.
The expert states that a faulty application may cause substantial damage to an otherwise safe web
application. He regards the vulnerability uncovered as significant. It affects many Flash
applications that contain no business logic at all and serve only to improve the
"Look & Feel" of a site.
Problem eliminated
The manufacturer TechSmith reacted immediately to the notification from Compass and published a
patch for "Camtasia Studio", which closes the security gap. Further information on this
weakness is available under the following link on the TechSmith website: