There is an Unquoted Service Path in Everest Engine(EverestEngine.exe) in version 2.0.4 on Windows. This allows an unauthorized local user to insert arbitrary code into the unquoted service path and escalate privileges to system

File Path: C:\ProgramData\Panini\Everest Engine

Add arbitrary code named Everest.exe file to the unquoted path %PROGRAMDATA%\Panini and once system is rebooted or service restarted the attacker will gain system privileges to the system

Escalation to System Privileges