CVE-2021-47774

Kingdia · CD Extractor

Kingdia CD Extractor 3.0.2 contains a buffer overflow in the registration name field, enabling remote code execution via a payload exceeding 256 bytes.

Executive summary

A critical buffer overflow in Kingdia CD Extractor 3.0.2 enables remote code execution through a malicious registration payload, posing a severe risk of system compromise.

Vulnerability

The vulnerability resides in the registration name input field, which lacks adequate bounds checking. An unauthenticated attacker can overwrite the Structured Exception Handler with a malicious payload to gain remote code execution via a bind shell.
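The missing bounds check described above, shown as an added illustration (this is not Kingdia's code and does not come from the advisory): an unchecked copy into a fixed-size name buffer beside a version that validates length first. The 256-byte buffer size is an assumption taken from the payload threshold quoted above, and all function and type names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the name buffer is 256 bytes, per the threshold in the advisory. */
#define REG_NAME_MAX 256

typedef enum { REG_OK = 0, REG_ERR_ARG, REG_ERR_EMPTY, REG_ERR_TOO_LONG } reg_status;

/* Unsafe pattern (hypothetical): strcpy copies until the NUL terminator with
 * no regard for the destination size, so a longer name is written past the
 * end of dst into adjacent memory. */
void set_reg_name_unchecked(char dst[REG_NAME_MAX], const char *input)
{
    strcpy(dst, input);
}

/* Hardened form: look for the terminator within dst_size bytes only, reject
 * oversize names instead of truncating them, then copy the known length. */
reg_status set_reg_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return REG_ERR_ARG;
    const char *nul = memchr(input, '\0', dst_size);
    if (nul == NULL)                      /* no terminator that fits in dst */
        return REG_ERR_TOO_LONG;
    size_t len = (size_t)(nul - input);
    if (len == 0)
        return REG_ERR_EMPTY;
    memcpy(dst, input, len + 1);          /* len + 1 includes the terminator */
    return REG_OK;
}

int main(void)
{
    char name[REG_NAME_MAX];
    char oversized[REG_NAME_MAX + 64];    /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("normal:    %d\n", set_reg_name_checked(name, sizeof name, "Alice Example"));
    printf("oversized: %d\n", set_reg_name_checked(name, sizeof name, oversized));
    return 0;
}
```

Rejecting the oversize value, rather than silently truncating it, also gives the application a distinct event to log when a registration name of abnormal length is submitted.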

Business impact

A CVSS score of 9.8 reflects the high risk of total system compromise, including unauthorized data access and full remote control by an attacker. This represents a critical threat to the confidentiality, integrity, and availability of any host running the affected software.

Remediation

Immediate Action: Update Kingdia CD Extractor to the latest version to resolve the vulnerable input handling.

Proactive Monitoring: Review system and application logs for unusual inbound network traffic or attempts to initiate unauthorized shells.

Compensating Controls: Run the application with the least privilege necessary and use Endpoint Detection and Response (EDR) tools to detect suspicious child process spawning.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

This vulnerability allows for full remote code execution and must be treated with the highest urgency. Organizations should apply the vendor-provided security update immediately and restrict access to the application's configuration interfaces.