1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: VideoSpirit Pro VISPRJ CVE-2011-0499

Attack: VideoSpirit Pro VISPRJ CVE-2011-0499

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to a buffer overflow vulnerability in VideoSpirit Pro application.

Additional Information

VideoSpirit Pro and Lite are multimedia applications available for Microsoft Windows.

VideoSpirit Pro and Lite are prone to multiple remote buffer-overflow vulnerabilities. These issues occur when processing the 'name' and 'value' attributes of the 'valitem' element in the '.visprj' (VideoSpirit project) file.

Remote attackers can exploit these issues by enticing an unsuspecting user into opening maliciously crafted '.visprj' files.

Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

VideoSpirit Pro versions 1.70 and prior, and VideoSpirit Lite 1.4.0.1 are vulnerable; other versions may also be affected.

Affected

  • VideoSpirit Pro versions 1.70 and prior, and VideoSpirit Lite 1.4.0.1 are vulnerable; other versions may also be affected.

Response

N/A

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube