Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	50843
Class:	Boundary Condition Error
CVE:	CVE-2011-5003
Remote:	Yes
Local:	No
Published:	Nov 29 2011 12:00AM
Updated:	Nov 06 2013 12:23AM
Credit:	Nick Freeman of Security-Assessment.com
Vulnerable:	Avid Technology Avid Media Composer 5.5.3
Not Vulnerable:

Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability

Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.

Avid Media Composer 5.5.3 is vulnerable; other versions may also be affected.

Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/50843.rb
• /data/vulnerabilities/exploits/50843-1.rb

Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability

References:

• Avid Media Composer Homepage (Avid Technology)
  
• AVID Media Composer Phonetic Indexer Remote Stack Buffer Overflow (Nick Freeman)