When the database server or libpq client library initializes SSL, libeay32dll attempts to read configuration from a hard-coded directory Typically, the directory does not exist, but any local user could create it and inject configuration This configuration can direct OpenSSL to load and execute arbitrary code as the user running a PostgreSQL s ...