CVE-2011-5003

Avid Media Composer < 5.5.3 - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Nick Freeman · rubyremotewindows

https://www.exploit-db.com/exploits/18183

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/avidphoneticindexer.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/47047

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50843

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71514

[Vendor Advisory] http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/18183

[Third Party Advisory, VDB Entry] http://www.osvdb.org/77376

Scores

EPSS 0.7567

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (1)

avid/media_composer < 5.5.3

Published Dec 25, 2011

Tracked Since Feb 18, 2026