Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:VIDEOSPIRIT-OF

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 VideoSpirit valitem Buffer Overflow

Release Date

 2011/11/15

Update Number

 2030

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: VideoSpirit valitem Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the VideoSpirit Pro. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Extended Description

Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name.

Affected Products

  • Verytools videospirit_lite 1.4.0.1
  • Verytools videospirit_pro 1.6.8.1
  • Verytools videospirit_pro up to 1.68

References

  • CVE: CVE-2011-0500
  • CVE: CVE-2011-0499
  • URL: http://www.corelan.be/advisories.php?id=CORELAN-11-001

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out