CVE-2024-50590

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 08/11/2024
Last modified: 03/11/2025

Description

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1", which is writable by all users. In addition, the Elefant installer registers two Firebird database services which run as "NT AUTHORITY\SYSTEM".

Path: C:\Elefant1\Firebird_2\bin\fbserver.exe

Path: C:\Elefant1\Firebird_2\bin\fbguard.exe

Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
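To check a host for the condition described above, the following added example (not part of the advisory or of the vendor's software) lists every service that runs as SYSTEM from an executable, or from a directory, that broad user groups can modify. The helper names and the choice of groups to flag are assumptions of this example; on an affected installation the two Firebird binaries under C:\Elefant1\Firebird_2\bin would be expected in the output.

```powershell
# Added audit example: SYSTEM services whose binary or folder is writable by broad groups.
# Assumption: these well-known SIDs are the low-privileged principals worth flagging.
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Only rights that permit modifying, renaming or re-permissioning; read bits are excluded.
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$WriteMask = [int]$rights -bor 0x50000000   # plus GENERIC_WRITE and GENERIC_ALL
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: extract the executable from a service PathName (quoted or not).
function Get-ServiceBinaryPath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

# Hypothetical helper: emit one record per allow ACE that gives a broad group write access.
function Test-BroadWrite([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $InheritOnly) { continue }  # not effective on this object
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }                                          # unresolvable principal
        if ($BroadSids -contains $sid -and ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{ Path = $Path; Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -in 'LocalSystem', 'NT AUTHORITY\SYSTEM' } |
    ForEach-Object {
        $svc = $_
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return }
        # Check the binary itself and its parent folder (a writable folder allows rename/replace).
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            Test-BroadWrite $target |
                Select-Object @{ n = 'Service'; e = { $svc.Name } }, Path, Principal, Rights
        }
    }
```

An empty result means no SYSTEM service on the host has a binary or binary folder writable by the listed groups; any row returned identifies an ACL to tighten so that only administrators and SYSTEM can modify the path.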