Vulnerability Details : CVE-2011-5003
Public exploit exists!
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-5003
- cpe:2.3:a:avid:media_composer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-5003
74.71%: probability of exploitation activity in the next 30 days
~99%: percentile, the proportion of vulnerabilities scored at or below this one
Metasploit modules for CVE-2011-5003
- Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  Disclosure Date: 2011-11-29
  First seen: 2020-04-26
  exploit/windows/misc/avidphoneticindexer
  This module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
CVSS scores for CVE-2011-5003
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-5003
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-5003
- http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf
- http://secunia.com/advisories/47047
  Vendor Advisory
- http://www.exploit-db.com/exploits/18183
  AVID Media Composer Phonetic Indexer - Remote Stack Buffer Overflow (Metasploit) - Windows remote Exploit
- http://www.osvdb.org/77376
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71514
  Avid Media AvidPhoneticIndexer.exe buffer overflow CVE-2011-5003 Vulnerability Report
- http://www.securityfocus.com/bid/50843
  Avid Media Composer 'AvidPhoneticIndexer.exe' Remote Stack Buffer Overflow Vulnerability