CVE-2021-3394
HIGHMillewin 13.39.028 13.39.28.3342 13.39.146.1 - Local Privilege Escalation via Insecure Folder Permissions
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-3394. PoCs published by Andrea Intilangelo.
AI-analyzed exploit summary This is a detailed technical writeup describing a local privilege escalation vulnerability in Millewin due to insecure folder permissions and unquoted service paths. The analysis includes affected services, registry keys, and folder permissions that allow low-privileged users to replace executables and gain SYSTEM privileges.
Description
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
Exploits (1)
This is a detailed technical writeup describing a local privilege escalation vulnerability in Millewin due to insecure folder permissions and unquoted service paths. The analysis includes affected services, registry keys, and folder permissions that allow low-privileged users to replace executables and gain SYSTEM privileges.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H