The NSSM-2.24 exploit targets a vulnerability in the service.c file. An attacker can craft a malicious request to the NSSM service that includes a specially crafted service_name parameter. This parameter is not properly validated, allowing the attacker to inject malicious code into the service.
If the path to nssm.exe contains spaces and is not enclosed in quotes (e.g., C:\Program Files\App\nssm.exe), Windows may attempt to execute C:\Program.exe first. An attacker can place a malicious Program.exe in the root directory to intercept the service start.
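A defender can audit for this condition by checking each service's ImagePath value. The following is an added example, not code from NSSM or from the original page: the service names and paths in SAMPLE_SERVICES are constructed, and treating the first ".exe" followed by whitespace as the end of the executable is a simplifying assumption.

```python
import re

# Constructed sample data: service name -> ImagePath string as it would appear
# in the service's registry configuration. Names and paths are illustrative.
SAMPLE_SERVICES = {
    "AppSvc": r"C:\Program Files\App\nssm.exe",
    "QuotedSvc": r'"C:\Program Files\App\nssm.exe"',
    "NoSpaceSvc": r"C:\Tools\nssm.exe",
    "ArgsSvc": r"C:\Tools\nssm.exe --config C:\My Data\svc.ini",
}

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or end of string; the rest is arguments.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Return the executable portion of an unquoted ImagePath."""
    match = EXE_END.search(image_path)
    return image_path[:match.end()] if match else image_path


def ambiguous_candidates(image_path):
    """List the earlier paths Windows may try before the intended binary.

    An empty list means the value is quoted or its executable path has no space.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_part(path)
    # Each space is a point where the path can be cut short and ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map each flagged service to (paths to check, quoted replacement value)."""
    findings = {}
    for name, image_path in services.items():
        path = image_path.strip()
        candidates = ambiguous_candidates(path)
        if candidates:
            exe = executable_part(path)
            findings[name] = (candidates, '"' + exe + '"' + path[len(exe):])
    return findings


if __name__ == "__main__":
    for name, (candidates, fixed) in audit(SAMPLE_SERVICES).items():
        print(f"{name}: verify these do not exist and are not creatable by "
              f"low-privileged users: {candidates}; set ImagePath to {fixed}")
```

Only AppSvc is flagged in the sample data; ArgsSvc is not, because the space sits in its arguments rather than in the executable path.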
Because NSSM runs with the privileges of the account that installs the service, it can be a vector for local privilege escalation if the file itself has weak permissions.
The most straightforward mitigation is to upgrade to a version of NSSM that does not contain the vulnerability. Check the official NSSM website or repository for updates.