CVE-2021-47774
Published: 15 January 2026
Summary
CVE-2021-47774 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Informer (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2021-47774 is a buffer overflow vulnerability (CWE-787) affecting Kingdia CD Extractor version 3.0.2, specifically in the registration name field. The flaw enables attackers to execute arbitrary code by submitting a malicious payload exceeding 256 bytes, which overwrites the Structured Exception Handler (SEH).
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows attackers to achieve remote code execution through a bind shell, providing high-impact access to the affected system.
References point to the Kingdia CD Extractor informer page and an Exploit-DB entry (exploit 50470), the latter documenting a proof-of-concept for the vulnerability. No vendor advisories or patches are specified in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2760
Vulnerability details
Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution…
more
through a bind shell.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remotely exploitable buffer overflow (AV:N/AC:L/PR:N/UI:N) in a network-accessible application, directly enabling exploitation of public-facing software for unauthenticated remote code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the buffer overflow vulnerability in Kingdia CD Extractor by applying patches or removing the affected software version.
Implements memory protections like DEP and ASLR to prevent exploitation of the buffer overflow via SEH overwrite for remote code execution.
Requires validation of inputs such as the registration name field to reject oversized payloads exceeding 256 bytes that trigger the buffer overflow.