This exploit leverages insecure file permissions in LabF nfsAxe 3.7's default installation directory under C:\Users\Public\ to replace the xsetsrv.exe service binary with a malicious executable, achieving Local System privilege escalation upon service restart.
Classification
Working Poc 100%
Target:
LabF nfsAxe 3.7
Auth required
Prerequisites:
Access to a low-privileged user account on the target system · Public Folder sharing enabled on Windows 7 · Default installation path of LabF nfsAxe 3.7