CVE-2021-47789
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: VulnCheck

Description
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-01-16
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47789
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yenkee hornet_gaming_mouse From 1.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the Yenkee Hornet Gaming Mouse driver file GM312Fltr.sys, which contains a stack-based buffer overflow. An attacker can send an oversized input buffer (2000 bytes) through the DeviceIoControl interface to the driver. This input overruns a stack buffer, corrupting the function's return address and causing a kernel-level system crash (denial of service). The driver fails to properly validate or limit the size of input data, allowing this buffer overrun to occur. [1, 4]

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the system kernel, resulting in a system crash or bugcheck. An attacker with local access and limited privileges can exploit this by sending crafted input to the driver, causing the system to become unstable or unusable until rebooted. It affects all versions of the Yenkee Hornet Gaming Mouse driver on Windows 10 x64 systems. [1, 4]

Detection Guidance

This vulnerability can be detected by attempting to send a crafted DeviceIoControl request to the vulnerable driver. Specifically, you can open a handle to the device \\.\GM312Fltr using the Windows API CreateFileA with generic read/write access, then send a DeviceIoControl request with control code 0x22245C and a 2000-byte buffer (e.g., filled with 'A' characters). If the system crashes with a bugcheck code DRIVER_OVERRAN_STACK_BUFFER (0xF7), it indicates the presence of the vulnerability. This can be done using a custom script or tool that performs these steps on Windows 10 x64 systems. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable Yenkee Hornet Gaming Mouse driver (GM312Fltr.sys) until a patched version is available. Restrict local access to systems with this driver installed to trusted users only, as exploitation requires local privileges. Monitoring and blocking attempts to send oversized DeviceIoControl requests to the driver can also help. If possible, uninstall or disable the driver to prevent exploitation. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47789. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart