CVE-2021-47761
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47761
EUVD
EUVD-2026-2779
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gpg millegpg5 5.7.2
mariadb mariadb *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in MilleGPG5 version 5.7.2 and is a local privilege escalation issue caused by insecure folder permissions. Authenticated users have modify permissions on critical directories, including the MariaDB bin folder where the mysqld.exe executable resides. An attacker with low privileges can replace the legitimate mysqld.exe with a malicious executable. When the system restarts, this malicious executable runs with system-level privileges, allowing the attacker to gain full control over the system. [2]

Impact Analysis

This vulnerability can allow a low-privileged user on the system to escalate their privileges to SYSTEM level by replacing a service executable with a malicious one. This means an attacker can gain full control over the affected machine, execute arbitrary code with the highest privileges, and potentially compromise the entire system and its data. [2]

Detection Guidance

You can detect this vulnerability by checking the folder permissions on the MilleGPG5 installation directories, especially the MariaDB bin directory. Look for modify or full control permissions granted to non-administrative users (e.g., BUILTIN\Users). On a Windows system, you can use the command: icacls "C:\Program Files\MilleGPG5\MariaDB\bin" to view permissions. Additionally, verify if the mysqld.exe executable has been replaced or renamed by checking the file's properties, timestamps, or hashes. Monitoring for unexpected changes or replacements of mysqld.exe can indicate exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting folder permissions on the MilleGPG5 installation directories, especially "C:\Program Files\MilleGPG5" and its subdirectories, to prevent non-administrative users from modifying executables. Remove modify or full control permissions from the BUILTIN\Users group or any low-privileged users. Additionally, ensure that only trusted administrators have write access to the MariaDB bin directory. Consider monitoring the integrity of critical executables like mysqld.exe and implement alerts for unauthorized changes. A system reboot should be avoided until the permissions are corrected to prevent execution of malicious replacements. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart