Full title: HP System Event Utility - Local Privilege Escalation Exploit 
Category: local exploits
Platform: windows
The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any arbitrary executable named "Program.exe" if it is found in the user's c:\ drive.

# 0day.today @ http://0day.today/