// Start the service with the malicious configuration file STARTUPINFOA si; PROCESS_INFORMATION pi; ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); ZeroMemory(&pi, sizeof(pi));
Monitor for:
was set with "Full Control" for all users. A non-privileged user could replace the
: Some third-party software bundles (like Odoo or Pelco VideoXpert) have been vulnerable to Local Privilege Escalation because they installed