MilleGPG5 Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in MilleGPG5 version 5.7.2. This vulnerability allows authenticated users to modify service executable files in the MariaDB bin directory. Exploitation involves replacing the mysqld.exe file with a malicious executable, which, upon system restart, executes with elevated privileges.

Impact

Exploitation of this vulnerability allows low-privileged users to gain system-level access by replacing a legitimate service executable with a malicious one that connects back to the attacker's machine.

Reproduction

To reproduce this vulnerability, first generate a malicious executable using a tool like msfvenom, targeting a reverse shell payload. Upload this executable to a web server. On the target machine, download the malicious executable into the MariaDB bin directory, overwriting the original mysqld.exe file. After replacing the file, restart the computer to trigger the execution of the malicious payload, which will open a reverse shell on the attacker's machine.