CVE-2021-47774
Kingdia · CD Extractor
Kingdia CD Extractor 3.0.2 contains a buffer overflow in the registration name field, enabling remote code execution via a payload exceeding 256 bytes.
Executive summary
A critical buffer overflow in Kingdia CD Extractor 3.0.2 enables remote code execution through a malicious registration payload, posing a severe risk of system compromise.
Vulnerability
The vulnerability resides in the registration name input field, which lacks adequate bounds checking. An unauthenticated attacker can overwrite the Structured Exception Handler with a malicious payload to gain remote code execution via a bind shell.
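The missing bounds check, shown as an added C example (not Kingdia's code, which this advisory does not reproduce): an unchecked copy beside a hardened one that rejects oversize registration names. `REG_NAME_CAP`, the function names, and the status codes are assumptions for illustration; the 256-byte capacity is taken from the figure in the advisory.

```c
#include <stddef.h>
#include <string.h>

#define REG_NAME_CAP 256  /* assumed field size, from the advisory's 256-byte figure */

enum reg_status { REG_OK = 0, REG_EMPTY = -1, REG_TOO_LONG = -2, REG_BAD_ARG = -3 };

/* Unsafe pattern, kept only for contrast and never called here: strcpy copies
 * until the source NUL, so input longer than dst runs past it into adjacent
 * memory (the advisory names the Structured Exception Handler as what gets
 * overwritten). */
void store_name_unchecked(char dst[REG_NAME_CAP], const char *input)
{
    strcpy(dst, input);
}

/* Hardened form: measure the input within a bound, reject oversize input
 * instead of silently truncating it, and always leave dst NUL-terminated.
 * input_max is the number of readable bytes at input. */
enum reg_status store_name_checked(char *dst, size_t dst_cap,
                                   const char *input, size_t input_max)
{
    if (dst == NULL || input == NULL || dst_cap == 0)
        return REG_BAD_ARG;
    dst[0] = '\0';                      /* dst is a valid empty string on every error path */

    /* memchr never reads beyond input_max, even when no NUL is present. */
    const char *nul = memchr(input, '\0', input_max);
    size_t len = nul ? (size_t)(nul - input) : input_max;

    if (len == 0)
        return REG_EMPTY;
    if (len >= dst_cap)                 /* one byte must remain for the terminator */
        return REG_TOO_LONG;

    memcpy(dst, input, len);
    dst[len] = '\0';
    return REG_OK;
}
```

Rejecting rather than truncating also gives the application a clear event to log when a registration name exceeds the field size.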
Business impact
A CVSS score of 9.8 reflects the high risk of total system compromise, including unauthorized data access and full remote control by an attacker. This represents a critical threat to the confidentiality, integrity, and availability of any host running the affected software.
Remediation
Immediate Action: Update Kingdia CD Extractor to the latest version to resolve the vulnerable input handling.
Proactive Monitoring: Review system and application logs for unusual inbound network traffic or attempts to initiate unauthorized shells.
Compensating Controls: Run the application with the least privilege necessary and use Endpoint Detection and Response (EDR) tools to detect suspicious child process spawning.
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
This vulnerability allows for full remote code execution and must be treated with the highest urgency. Organizations should apply the vendor-provided security update immediately and restrict access to the application's configuration interfaces.