CVE-2021-47785
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47785
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ethersoftware ether_mp3_cd_burner 1.3.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47785 is a buffer overflow vulnerability in Ether MP3 CD Burner version 1.3.8, specifically in the registration name field. Improper input validation allows an attacker to overwrite Structured Exception Handler (SEH) pointers, enabling remote code execution. By crafting a malicious payload and inputting it into the registration field, an attacker can execute arbitrary code, such as opening a bind shell on port 3110. [2]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the affected system with low privileges, potentially leading to unauthorized access. Specifically, the attacker can open a bind shell on port 3110, which could be used to control the system remotely, compromising confidentiality, integrity, and availability of the system. [2]

Detection Guidance

This vulnerability can be detected by monitoring for unusual network activity on TCP port 3110, which is used by the bind shell spawned by the exploit. On the affected system, detection can involve checking for unexpected processes listening on port 3110. For example, using the command 'netstat -an | findstr 3110' on Windows to see if the port is open. Additionally, reviewing application logs or monitoring clipboard activity for suspicious payloads similar to the 'Evil.txt' exploit payload may help. Since the exploit involves pasting a crafted payload into the registration name field, monitoring user input or application behavior during registration could also indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Restricting access to the Ether MP3 CD Burner application, especially limiting local user privileges to prevent exploitation. 2) Monitoring and blocking inbound and outbound traffic on TCP port 3110 to prevent bind shell connections. 3) Avoiding use of the vulnerable version 1.3.8 of Ether MP3 CD Burner until a patch or update is available. 4) Educating users to not paste untrusted input into the registration name field. 5) Employing application whitelisting and endpoint protection to detect and block exploit attempts. Since the vulnerability requires local user interaction, controlling user permissions and monitoring for suspicious activity are key immediate steps. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47785. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart