Xsploitedsec

**Name of the Vulnerable Software and Affected Versions** VideoSpirit Pro versions 1.6.8.1 and earlier VideoSpirit Lite version 1.4.0.1 and possibly other versions **Description** The issue allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a `valitem` element with a long `value` attribute. This can be demonstrated using a `valitem` with the `mp3` name. **Recommendations** For VideoSpirit Pro versions 1.6.8.1 and earlier, consider avoiding the use of .visprj files containing long `value` attributes in `valitem` elements until a fix is available. For VideoSpirit Lite version 1.4.0.1 and possibly other versions, restrict the processing of .visprj files to minimize the risk of exploitation.