Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-47761. PoCs published by Alessandro Salzano.
AI-analyzed exploit summary This exploit demonstrates a local privilege escalation (LPE) vulnerability in MilleGPG5 5.7.2 by replacing the legitimate mysqld.exe with a malicious executable due to insecure folder permissions. The exploit leverages the service running as Local System to gain NT AUTHORITY\SYSTEM privileges upon system restart.
Description
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.
Exploits (1)
This exploit demonstrates a local privilege escalation (LPE) vulnerability in MilleGPG5 5.7.2 by replacing the legitimate mysqld.exe with a malicious executable due to insecure folder permissions. The exploit leverages the service running as Local System to gain NT AUTHORITY\SYSTEM privileges upon system restart.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H