Compass Security AG Has Loophole In “Camtasia Studio” Found

TechSmith was able in its software for screen recording, Rapperswil close vulnerability, November 30, 2009 with vulnerable Flash applications can be weakened to secure Web applications. This has confirmed the compass security AG (www.csnc.ch) currently in the practice test. Michael Schmidt, security analyst of the company has examined a Flash application, created with the software Camtasia Studio of the company of TechSmith. There he encountered a security vulnerability. This was reported immediately by compass to the manufacturer, so that he could close the leak.

The patch is available. IT security service provider compass security AG is regularly previously unknown vulnerabilities. The specialist forwards it to the manufacturer, so that it can respond and provide a patch or fix. “In the case of Camtasia Studio” a desktop camcorder to the filming of the font it is a vulnerability that allows for cross site scripting (XSS). XSS is a type of attack on Web applications, is started to access sensitive user data, for example. Problem with camtasia had the job, Flash videos, Studio recognized Michael Schmidt of Compass’ were generated to analyze a client’s website. It should consider whether they are safe.

The security analysis produced the Schwachstellen. By exploiting the same was the specialist capable of carrying out various manipulations: he could adapt texts in the Flash movie, run Java script code in the context of the site, and redirect the user to various interchangeable URLs. The expert indicates that a faulty application could do significant damage to a secure Web application. The exposed vulnerability is significant. Affected were many Flash applications that contain no business logic at all, but aufpeppen only the look & feel of a page. “Problem banned manufacturer TechSmith has responded promptly to the note of compass and a patch of Camtasia Studio” published. Thus, the vulnerability is closed. More information to the Vulnerability is available under the following link on the TechSmith website: security /… Short portrait of Compass security AG: Compass security AG was founded in 1999 with headquarters in Rapperswil (CH) specializes as European service provider security assessments to the confidentiality, availability and integrity of corporate data. Using penetration testing, ethical hacking, and reviews compass pre-emptively judged ICT solutions with regard to security risks, tracks existing vulnerabilities and supports their elimination. IT forensic experts allow reconstruction and evidence beneficial documentation of abuse cases by acquisition, test and evaluation of digital tracks with digital systems. Hands-on workshops and training courses on the subject of IT security, as well as live hacking presentations to raise user awareness round off the portfolio. Neutrality and independence of the product are essential elements of our corporate philosophy. The customer base is composed of national and international customers any size and different sectors together. More information under: more information: compass security AG P.o. box 1628 Glarnischstrasse 7 CH-8640 Rapperswil Tel.: + 41 55 214 41 60 fax: + 41 55 214 41 61 PR Agency: Sprengel & Partner GmbH nesting first race 3 D-56472 Nisterau Ulrike Peter Tel.: + 49 (0) 26 61 91 26 0-0 fax: + 49 (0) 26 61-91 26 0-29 E-Mail: