CVE-2021-47797
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| leawo | prof.media | 11.0.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Leawo Prof.Media 11.0.0.1 is a denial of service (DoS) caused by a buffer overflow. An attacker can supply an oversized payloadβspecifically a 6000-byte buffer of repeated charactersβinto the activation keycode field of the application's registration interface. This causes the application to crash, resulting in a denial of service condition. [1, 3]
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can crash the Leawo Prof.Media application by inputting a specially crafted oversized keycode. This results in a denial of service, making the application unavailable to legitimate users until it is restarted or fixed. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running Leawo Prof.Media 11.0.0.1. A proof-of-concept involves generating a 6000-byte payload of repeated characters (e.g., 'A's) and pasting it into the activation keycode field of the application. Specifically, you can use a Python script to create a file with the payload, then copy and paste it into the keycode input field in the Activation Center of the application. There are no specific network detection commands since the attack is local and requires user interaction. The detection method is manual and involves observing if the application crashes upon inputting the oversized keycode. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering excessively long activation keycodes (such as 6000-byte strings) into the Leawo Prof.Media 11.0.0.1 application. Since the vulnerability requires local user interaction, restricting access to the application and educating users not to input suspicious or oversized keycodes can help. Additionally, check for any updates or patches from the vendor that address this issue and apply them once available. [1, 3]