CVE-2021-47789
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yenkee | hornet_gaming_mouse | From 1.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Yenkee Hornet Gaming Mouse driver file GM312Fltr.sys, which contains a stack-based buffer overflow. An attacker can send an oversized input buffer (2000 bytes) through the DeviceIoControl interface to the driver. This input overruns a stack buffer, corrupting the function's return address and causing a kernel-level system crash (denial of service). The driver fails to properly validate or limit the size of input data, allowing this buffer overrun to occur. [1, 4]
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) by crashing the system kernel, resulting in a system crash or bugcheck. An attacker with local access and limited privileges can exploit this by sending crafted input to the driver, causing the system to become unstable or unusable until rebooted. It affects all versions of the Yenkee Hornet Gaming Mouse driver on Windows 10 x64 systems. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a crafted DeviceIoControl request to the vulnerable driver. Specifically, you can open a handle to the device \\.\GM312Fltr using the Windows API CreateFileA with generic read/write access, then send a DeviceIoControl request with control code 0x22245C and a 2000-byte buffer (e.g., filled with 'A' characters). If the system crashes with a bugcheck code DRIVER_OVERRAN_STACK_BUFFER (0xF7), it indicates the presence of the vulnerability. This can be done using a custom script or tool that performs these steps on Windows 10 x64 systems. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable Yenkee Hornet Gaming Mouse driver (GM312Fltr.sys) until a patched version is available. Restrict local access to systems with this driver installed to trusted users only, as exploitation requires local privileges. Monitoring and blocking attempts to send oversized DeviceIoControl requests to the driver can also help. If possible, uninstall or disable the driver to prevent exploitation. [1, 4]