CVE-2021-47797
Published: 16 January 2026
Summary
CVE-2021-47797 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Leawo Prof (inferred from references). Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 8.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2021-47797 is a denial of service vulnerability in Leawo Prof. Media version 11.0.0.1. The flaw, classified under CWE-120 (buffer overflow), occurs in the activation keycode field of the registration interface. Attackers can crash the application by supplying an oversized payload, such as a 6000-byte buffer of repeated characters pasted into the field.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), making it exploitable over the network with low attack complexity, no privileges, and no user interaction required beyond the payload delivery mechanism described. Any remote attacker can trigger the crash, resulting in high-impact denial of service that disrupts application availability without affecting confidentiality or integrity.
Advisories and references include a proof-of-concept exploit at https://www.exploit-db.com/exploits/50153, the vendor site at https://www.leawo.org, and a Vulncheck advisory at https://www.vulncheck.com/advisories/leawo-prof-media-denial-of-service-dos-poc. No specific patch or mitigation details are provided in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3001
Vulnerability details
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application…
more
crash when pasted into the registration interface.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in client application directly enables Endpoint DoS via application exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces validation of input length and format on the activation keycode field, directly blocking the oversized 6000-byte payload that triggers the CWE-120 buffer overflow.
Requires mechanisms to protect against or limit denial-of-service conditions, mitigating the high-availability impact (AV:N/AC:L) from the crafted keycode crash.
Applies memory-protection techniques that can contain or block exploitation of the buffer overflow in the registration interface, reducing the chance of application termination.