The service controller executes C:\Program.exe, giving the attacker full control over the machine.
Why NSSM 2.24 Specifically?
While NSSM 2.24 is not vulnerable to the classic unquoted service path in its own code, it creates services that are. If an administrator uses NSSM to install a service with a path like C:\Program Files\MyApp\app.exe, and C:\Program Files\MyApp is writable by a non-admin user, an attacker can replace app.exe with a malicious binary.
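An audit check for the service paths described above, added here as an example (it is not code from NSSM or from the original page). It takes service ImagePath strings, flags the unquoted ones that contain spaces, lists the earlier paths Windows would try first (such as C:\Program.exe), and returns the quoted form to set instead. The service names and paths are constructed samples, and all function names are hypothetical.

```python
import re

# Constructed sample data: service name -> ImagePath string as registered.
SAMPLE_SERVICES = {
    "MyApp": r"C:\Program Files\MyApp\app.exe",
    "MyAppQuoted": r'"C:\Program Files\MyApp\app.exe" -run',
    "NoSpaces": r"C:\Tools\svc.exe -k netsvcs",
    "Nested": r"C:\Program Files\My App\bin\app.exe --config C:\cfg\a.ini",
}

EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Intended executable: everything up to the first '.exe' token.
    If no '.exe' is found, the whole string is treated as the path (conservative)."""
    m = EXE_END.search(image_path)
    return image_path[:m.end()] if m else image_path

def candidate_paths(image_path):
    """Paths tried before the intended binary when the ImagePath is unquoted.
    Windows splits an unquoted command line at each space and tries
    '<prefix>.exe' in order. Returns [] for quoted or space-free paths."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_part(path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """Remediation: the same command line with the executable quoted."""
    path = image_path.strip()
    exe = executable_part(path)
    return '"' + exe + '"' + path[len(exe):]

def audit(services):
    """Map each affected service to (candidate paths, quoted replacement)."""
    findings = {}
    for name, image_path in services.items():
        candidates = candidate_paths(image_path)
        if candidates:
            findings[name] = (candidates, quoted_form(image_path))
    return findings

if __name__ == "__main__":
    for name, (candidates, fix) in audit(SAMPLE_SERVICES).items():
        print(name, "is unquoted; earlier candidates:", candidates)
        print("  set ImagePath to:", fix)
```

Each candidate path's parent directory, and the directory holding the real binary, should then be checked for write access by non-administrators.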
Organizations using affected applications should immediately apply vendor-supplied patches.