Heliand Dema

**Name of the Vulnerable Software and Affected Versions** WampServer version 3.0.6 **Description** The issue arises from weak file permissions in two services, 'wampapache' and 'wampmysqld', which run with SYSTEM privileges. This could allow a local, non-privileged user to execute arbitrary code with elevated privileges by replacing the original files with malicious executable files named mysqld.exe or httpd.exe. The malicious file would be executed as SYSTEM the next time the service starts. **Recommendations** For WampServer version 3.0.6, consider restricting access to the services 'wampapache' and 'wampmysqld' to prevent unauthorized file replacements until a proper fix is applied. Additionally, monitor system privileges and file permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.