The user can write 0 where he wants. This can be used to write SecurityDescriptor and write system processes. Exploit Platform Windows Exploit Type Exploits Local Privilege Escalation Product Name Impact