CVE-2011-0499
Published: 2011-01-20
Priority: P355 · Severity: critical · CVSS 2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: public exploit available
EPSS: 31.05% (98.0th percentile)
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| verytools | videospirit_lite | <= 1.4.0.1 | — |
| verytools | videospirit_pro | <= 1.6.8.1 | — |
| verytools | videospirit_pro | — | — |
Detection & IOCs (extracted from sources)
- bad-character set, i.e. bytes the exploit payload must avoid (most of them XML attribute metacharacters), so their absence rather than their presence is what an encoded payload shows: `\x00\x0a\x0b\x0c\x0d\x0e\x0f\x1a\x1b\x1c\x1d\x1e\x1f\x21\x22\x26\x27\x2f\x3c\x3e`
- bytes: `\xEB\x06\x90\x90` (short jmp +6 followed by a NOP sled, the classic SEH-overwrite landing pad)
- The ROP chain and stack pivot rely entirely on overlayplug.dll (a non-ASLR module); a .visprj file carrying hard-coded overlayplug.dll gadget addresses, or those addresses on the stack of a crashed VideoSpirit process, is a strong indicator of exploitation.
- Offsets inside the malicious .visprj value: the saved return address (EIP) is overwritten 168 bytes in; the ROP chain starts at 952 bytes.
- The exploit terminates via EXITFUNC=process, so the VideoSpirit process does not survive payload execution.
- The Metasploit module targets Windows XP, Vista and Windows 7 generically, using that single non-ASLR module (overlayplug.dll) to bypass both DEP and ASLR; the exploit fails if overlayplug.dll is absent or has been rebuilt with different gadget offsets.
- Payload space is limited to 800 bytes (0x320) so that the VirtualProtect ROP chain does not mark the wrong page RWX.
- The standalone PoC for v1.68 was tested only on Windows XP SP3 English; behaviour on other OS versions or service packs is not confirmed.
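The IOC notes above describe the shape of a weaponised project file: an overlong `name` attribute on a `valitem` element, a jmp+NOP marker, and offsets of 168 and 952 bytes. The following triage scanner is an added example (it is not code from this page's exploits, from Metasploit, or from the vendor) that turns those notes into a file check. It assumes a .visprj is XML-like text with a `<valitem name="...">` element, works on raw bytes because a malicious file need not be well-formed XML, and embeds two constructed sample files that are not real VideoSpirit output.

```python
"""Triage scanner for VideoSpirit .visprj files (added example; thresholds from the IOC notes)."""
import re
import sys

EIP_OFFSET = 168                      # bytes into the name value where the saved return address is hit
ROP_OFFSET = 952                      # bytes into the name value where the ROP chain begins
JMP_NOP_MARKER = b"\xEB\x06\x90\x90"  # short jmp +6 followed by a NOP sled
NONPRINTABLE_RATIO = 0.20             # assumed cut-off: raw ROP/shellcode bytes are mostly non-ASCII

# Byte-level match of name="..." on each <valitem ...> tag. An XML parser is deliberately
# not used: the attacker controls the file and may break well-formedness after the payload.
VALITEM_NAME_RE = re.compile(rb'<valitem\b[^>]*?\bname="([^"]*)"', re.IGNORECASE)


def scan_visprj(data: bytes) -> dict:
    """Return {"max_name_len", "findings", "suspicious"} for one .visprj blob."""
    findings = []
    max_name_len = 0
    for match in VALITEM_NAME_RE.finditer(data):
        name = match.group(1)
        max_name_len = max(max_name_len, len(name))
        if len(name) >= ROP_OFFSET:
            findings.append(f"valitem name is {len(name)} bytes: long enough to carry a ROP chain (offset {ROP_OFFSET})")
        elif len(name) >= EIP_OFFSET:
            findings.append(f"valitem name is {len(name)} bytes: reaches the saved return address (offset {EIP_OFFSET})")
        if JMP_NOP_MARKER in name:
            findings.append("EB 06 90 90 (short jmp + NOP sled) inside valitem name")
        if name:
            nonprintable = sum(1 for b in name if b < 0x20 or b > 0x7E)
            ratio = nonprintable / len(name)
            if ratio > NONPRINTABLE_RATIO:
                findings.append(f"{ratio:.0%} of the valitem name is non-printable (shellcode-like)")
    return {"max_name_len": max_name_len, "findings": findings, "suspicious": bool(findings)}


def scan_path(path: str) -> dict:
    """Scan a file on disk."""
    with open(path, "rb") as fh:
        return scan_visprj(fh.read())


# Constructed samples (not real project files); the element layout is an assumption.
BENIGN_SAMPLE = b'<?xml version="1.0"?>\n<project><valitem name="Intro clip" value="1"/></project>\n'


def build_malicious_sample() -> bytes:
    """Mimic the layout in the IOC notes: filler to EIP, the jmp marker, filler to the
    ROP offset, then opaque high bytes standing in for gadget addresses and shellcode."""
    name = (b"A" * EIP_OFFSET
            + JMP_NOP_MARKER
            + b"B" * (ROP_OFFSET - EIP_OFFSET - len(JMP_NOP_MARKER))
            + bytes(range(0x80, 0x100)) * 4)
    return b'<?xml version="1.0"?>\n<project><valitem name="' + name + b'" value="1"/></project>\n'


if __name__ == "__main__":
    samples = [(p, scan_path(p)) for p in sys.argv[1:]] or [
        ("benign-sample", scan_visprj(BENIGN_SAMPLE)),
        ("malicious-sample", scan_visprj(build_malicious_sample())),
    ]
    for label, result in samples:
        print(label, "SUSPICIOUS" if result["suspicious"] else "clean", result["findings"])
```

Run it with one or more .visprj paths, or with no arguments to see the two embedded samples classified. The scanner cannot match overlayplug.dll gadget addresses because the page lists none; if you have the module's ROP chain, add its DWORDs as a further byte-pattern check, and treat a hit on any of the three existing findings as reason to pull the file rather than open it.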
No detection rules found.
Exploit-DB · 2011-04-11 · filed under CVE-2011-0500
VeryTools VideoSpirit Pro 1.70 - '.visprj' Local Buffer Overflow (Metasploit)
---
```ruby
##
# $Id: videospirit_visprj.rb 12305 2011-04-11 23:32:41Z sinn3r $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  include Msf::Exploit::FILEFORMAT

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'VeryTools Video Spirit Pro',
      'Description'    => %q{
          This module exploits a stack buffer overflow in Video Spirit <= 1.70.
        When opening a malicious project file (.visprj), a stack buffer overflow occurs,
        resulting in arbitrary code execution. This exploit bypasses DEP & ASLR,
        and works on XP, Vista & Windows 7.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Acidgen',      # found the vulnerability
          'corelanc0d3r', # rop exploit + msf module
        ],
      'Version'        => '$Revision: 12305 $',
      'References'     =>
        [
          [ 'URL', 'http://www.corelan.be/advisories.php?id=CORELAN-11-001' ],
        ],
      'DefaultOptions' =>
        {
```
(listing truncated at the source)
Exploit-DB · 2011-01-08 · filed under CVE-2011-0500
VeryTools VideoSpirit Pro 1.68 - Local Buffer Overflow
---
```
# Exploit Title: VideoSpirit Pro v1.68 Local BoF Exploit
# Date: 01/08/2011
# Author: xsploitedsec
# URL: http://www.x-sploited.com/
# Contact: xsploitedsec[at]x-sploited.com
# Software Link: http://www.verytools.com/videospirit/download.html
# Vulnerable version: v1.68
# Tested on: Windows XP SP3 Eng
#
# Software description #
# "VideoSpirit Pro is the most easily used Video Converter/Editor tools. For acting as a Video Editor,
# various slide effect/title/subtitle can be added to a video clip. Also, the video clip can be rotated,
# resized and warped. Multiple video/audio clips can be joined together. Converting speed is fast and
# the quality of output file is excellent."
#
# Vulnerability info #
# VideoSpirit Pro is prone to a
```
(listing truncated at the source)
Metasploit
VeryTools Video Spirit Pro
This module exploits a stack buffer overflow in Video Spirit <= 1.70. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
No writeups or analysis indexed.