Final Draft Multiple Remote Stack Buffer Overflow Vulnerabilities

Bugtraq ID:	50850
Class:	Boundary Condition Error
CVE:	CVE-2011-5002
Remote:	Yes
Local:	No
Published:	Nov 29 2011 12:00AM
Updated:	Nov 06 2013 12:43AM
Credit:	Nick Freeman
Vulnerable:	Final Draft Final Draft 8.0
Not Vulnerable:	Final Draft Final Draft 8.02

Final Draft Multiple Remote Stack Buffer Overflow Vulnerabilities

Final Draft is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Final Draft 8.0 is vulnerable; prior versions may also be affected.

Final Draft Multiple Remote Stack Buffer Overflow Vulnerabilities

The following proof-of-concept code is available:

The following metasploit exploit code is available:

• /data/vulnerabilities/exploits/50850.rb
• /data/vulnerabilities/exploits/50850-1.rb

Final Draft Multiple Remote Stack Buffer Overflow Vulnerabilities

Solution:
Updates are available. Please contact the vendor for more information.

Final Draft Multiple Remote Stack Buffer Overflow Vulnerabilities

References:

• Final Draft 8 Multiple Stack Buffer Overflows (Nick Freeman)
  
• Final Draft Homepage (Final Draft)