Escalation Updated — Nssm224 Privilege

To exploit this vulnerability, an attacker typically needs:

The Non-Sucking Service Manager ( ) version 2.24 has been identified as a vector for local privilege escalation (LPE) nssm224 privilege escalation updated

The vulnerability exists due to an incorrect handling of service configuration files. Specifically: To exploit this vulnerability, an attacker typically needs:

To help you further, are you analyzing a ? If you can share the file permissions ( icacls output) or if the path is unquoted , I can tell you exactly which command to use. To exploit this vulnerability

: If the nssm.exe binary or its directory has "Full Control" or "Modify" permissions for the "Everyone" or "Users" group, an attacker can replace the legitimate service binary with a malicious one.