Cyber Resilience

CVE-2021-47797

MediumPublic PoC

Published: 16 January 2026

Published
16 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 8.3th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47797 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Leawo Prof (inferred from references). Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 8.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2021-47797 is a denial of service vulnerability in Leawo Prof. Media version 11.0.0.1. The flaw, classified under CWE-120 (buffer overflow), occurs in the activation keycode field of the registration interface. Attackers can crash the application by supplying an oversized payload, such as a 6000-byte buffer of repeated characters pasted into the field.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), making it exploitable over the network with low attack complexity, no privileges, and no user interaction required beyond the payload delivery mechanism described. Any remote attacker can trigger the crash, resulting in high-impact denial of service that disrupts application availability without affecting confidentiality or integrity.

Advisories and references include a proof-of-concept exploit at https://www.exploit-db.com/exploits/50153, the vendor site at https://www.leawo.org, and a Vulncheck advisory at https://www.vulncheck.com/advisories/leawo-prof-media-denial-of-service-dos-poc. No specific patch or mitigation details are provided in the available information.

EU & UK References

Vulnerability details

Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application…

more

crash when pasted into the registration interface.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in client application directly enables Endpoint DoS via application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20115Shared CWE-120
CVE-2020-37205Shared CWE-120
CVE-2026-28875Shared CWE-120
CVE-2020-37194Shared CWE-120
CVE-2020-37180Shared CWE-120
CVE-2024-24419Shared CWE-120
CVE-2019-25353Shared CWE-120
CVE-2026-30075Shared CWE-120
CVE-2020-37213Shared CWE-120
CVE-2021-47798Shared CWE-120

Affected Assets

Leawo
Prof
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of input length and format on the activation keycode field, directly blocking the oversized 6000-byte payload that triggers the CWE-120 buffer overflow.

prevent

Requires mechanisms to protect against or limit denial-of-service conditions, mitigating the high-availability impact (AV:N/AC:L) from the crafted keycode crash.

prevent

Applies memory-protection techniques that can contain or block exploitation of the buffer overflow in the registration interface, reducing the chance of application termination.

References