The host is installed with Google Chrome before 20.0.1132.43 and is prone to untrusted search path vulnerability. A flaw is present in the application, which fails to handle Metro DLL. Successful exploitation allows local users to gain privileges via a Trojan horse Metro DLL in the current working directory.