CVE-2011-0500

VideoSpirit Lite and Pro <= 1.68 - Buffer Overflow via Project File valitem Attribute

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0500. PoCs published by Metasploit, xsploitedsec.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Video Spirit Pro <= 1.70 via a malicious .visprj file, bypassing DEP and ASLR to achieve arbitrary code execution on Windows XP, Vista, and 7.

Description

Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17153

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Video Spirit Pro <= 1.70 via a malicious .visprj file, bypassing DEP and ASLR to achieve arbitrary code execution on Windows XP, Vista, and 7.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: VeryTools Video Spirit Pro <= 1.70

No auth needed

Prerequisites: Victim must open a malicious .visprj file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by xsploitedsec · pythonlocalwindows

https://www.exploit-db.com/exploits/15936

View Code ZIP pw:eip

This exploit demonstrates a local buffer overflow vulnerability in VideoSpirit Pro v1.68 by crafting a malicious .visprj project file with an overly long 'mp3' value, leading to arbitrary code execution via a structured payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VideoSpirit Pro v1.68

No auth needed

Prerequisites: Local access to the target system · VideoSpirit Pro v1.68 installed

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42876

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42866

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15936

Scores

EPSS 0.3083

EPSS Percentile 98.0%

Details

CWE

CWE-119

Status published

Products (3)

verytools/videospirit_lite 1.4.0.1

verytools/videospirit_pro 1.6.8.1

verytools/videospirit_pro < 1.68

Published Jan 20, 2011

Tracked Since Feb 18, 2026