CVE-2011-0500

Name of the Vulnerable Software and Affected Versions VideoSpirit Pro versions 1.6.8.1 and earlier VideoSpirit Lite version 1.4.0.1 and possibly other versions

Description The issue allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long value attribute. This can be demonstrated using a valitem with the mp3 name.

Recommendations For VideoSpirit Pro versions 1.6.8.1 and earlier, consider avoiding the use of .visprj files containing long value attributes in valitem elements until a fix is available. For VideoSpirit Lite version 1.4.0.1 and possibly other versions, restrict the processing of .visprj files to minimize the risk of exploitation.