CVE-2021-47761
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gpg | millegpg5 | 5.7.2 |
| mariadb | mariadb | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MilleGPG5 version 5.7.2 and is a local privilege escalation issue caused by insecure folder permissions. Authenticated users have modify permissions on critical directories, including the MariaDB bin folder where the mysqld.exe executable resides. An attacker with low privileges can replace the legitimate mysqld.exe with a malicious executable. When the system restarts, this malicious executable runs with system-level privileges, allowing the attacker to gain full control over the system. [2]
How can this vulnerability impact me?
This vulnerability can allow a low-privileged user on the system to escalate their privileges to SYSTEM level by replacing a service executable with a malicious one. This means an attacker can gain full control over the affected machine, execute arbitrary code with the highest privileges, and potentially compromise the entire system and its data. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the folder permissions on the MilleGPG5 installation directories, especially the MariaDB bin directory. Look for modify or full control permissions granted to non-administrative users (e.g., BUILTIN\Users). On a Windows system, you can use the command: icacls "C:\Program Files\MilleGPG5\MariaDB\bin" to view permissions. Additionally, verify if the mysqld.exe executable has been replaced or renamed by checking the file's properties, timestamps, or hashes. Monitoring for unexpected changes or replacements of mysqld.exe can indicate exploitation attempts. [2]
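The permission check described above can be run across the whole installation tree with the following PowerShell script. It is an added example, not code from the advisory or the vendor; it is read-only and changes no permissions. The default path is the one named on this page, and the allow-list of trusted SIDs is an assumption to adjust for your environment.

```powershell
param(
    # Install root as named on this page; change it if the product lives elsewhere.
    [string]$Root = 'C:\Program Files\MilleGPG5'
)

# Principals expected to hold write access (assumed allow-list, extend as needed).
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (only applies to objects the principal could already create)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or tampering with a file. GENERIC_WRITE (0x40000000)
# and GENERIC_ALL (0x10000000) are included because ACLs can carry them unmapped.
$R = [System.Security.AccessControl.FileSystemRights]
$Specific = $R::WriteData -bor $R::AppendData -bor $R::Delete -bor
            $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership
$WriteMask = [int]$Specific -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Request identities as SIDs so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { Write-Warning "$Root not found"; return }

# Audit the root, every subdirectory, and every executable (mysqld.exe included).
$targets = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -or $_.Extension -eq '.exe' })
$findings = $targets | ForEach-Object { Get-WeakAce -Path $_.FullName }

if ($findings) { $findings | Format-Table -AutoSize } else { 'No writable ACEs for untrusted principals found.' }
```

A row whose Sid is S-1-5-32-545 (BUILTIN\Users) or S-1-5-11 (Authenticated Users) on the MariaDB bin directory or on mysqld.exe matches the condition this CVE describes.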
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting folder permissions on the MilleGPG5 installation directories, especially "C:\Program Files\MilleGPG5" and its subdirectories, to prevent non-administrative users from modifying executables. Remove modify or full control permissions from the BUILTIN\Users group or any low-privileged users. Additionally, ensure that only trusted administrators have write access to the MariaDB bin directory. Consider monitoring the integrity of critical executables like mysqld.exe and implement alerts for unauthorized changes. A system reboot should be avoided until the permissions are corrected to prevent execution of malicious replacements. [2]