C:\ProgramData is where "secure" SYSTEM processes go to die.
If you refer to the screenshot, the EXE is in C:\ProgramData\..., and is writable by normal users.
-
-
Oh, sorry, re-reading your tweet. No, there were several issues around the same time with WebEx. WebExec was something that didn't rely on weak ACLs of the service binary. It used the built-in capability of the code to execute user-provided code, as SYSTEM.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
But it wasn't in %Programdata% (or %ALLUSERSPROFILE%)