If a search order-vulnerable program is configured to run at a higher privilege level, then the adversary-controlled DLL that is loaded will also be executed at the higher level. In this case, the technique could be used for privilege escalation from user to administrator or SYSTEM, or from administrator to SYSTEM, depending on the program.
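A detection-side sketch of the condition described above, added here as an example and not taken from the original page: it flags DLL loads by elevated processes from directories that standard users can typically write to, or where a system DLL name is loaded from outside the system directories. The event field names, integrity labels, directory lists and DLL name list are all assumptions, and the events are constructed.

```python
import ntpath

# Assumptions (not from the original page): the event field names, the integrity
# labels and every list below are illustrative; tune them per environment.
PRIVILEGED_LEVELS = {"High", "System"}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
USER_WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\")
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll"}  # small constructed sample

def classify(event):
    """Return the reasons a DLL load by a privileged process looks hijacked ([] if none)."""
    if event["integrity"] not in PRIVILEGED_LEVELS:
        return []  # no elevated context, so no escalation through this load
    # normpath collapses "..", normcase lower-cases and unifies separators.
    dll = ntpath.normcase(ntpath.normpath(event["image_loaded"]))
    dll_dir = ntpath.dirname(dll) + "\\"
    reasons = []
    if dll_dir.startswith(USER_WRITABLE_DIRS):
        reasons.append("user-writable-dir")
    if ntpath.basename(dll) in SYSTEM_DLL_NAMES and not dll_dir.startswith(TRUSTED_DIRS):
        # Some vendors ship private copies of such DLLs, so allow-list known ones.
        reasons.append("system-dll-name-outside-system-dir")
    if reasons and not event.get("signed", False):
        reasons.append("unsigned")
    return reasons

def findings(events):
    """Pair each flagged event's process image and DLL path with its reasons."""
    return [(e["image"], e["image_loaded"], r) for e in events if (r := classify(e))]

# Constructed sample telemetry, not captured from a real host.
SVC = r"C:\Program Files\ExampleSvc\svc.exe"
SAMPLE_EVENTS = [
    {"image": SVC, "integrity": "System", "signed": True,
     "image_loaded": r"C:\Windows\System32\version.dll"},
    {"image": SVC, "integrity": "System", "signed": False,
     "image_loaded": r"C:\ProgramData\ExampleSvc\version.dll"},
    {"image": r"C:\Users\alice\App\app.exe", "integrity": "Medium", "signed": False,
     "image_loaded": r"C:\Users\alice\App\helper.dll"},
    {"image": SVC, "integrity": "High", "signed": True,
     "image_loaded": r"C:\Windows\System32\..\Temp\wtsapi32.dll"},
    {"image": SVC, "integrity": "System", "signed": True,
     "image_loaded": r"C:\Program Files\ExampleSvc\dbghelp.dll"},
]

if __name__ == "__main__":
    for image, dll, reasons in findings(SAMPLE_EVENTS):
        print(f"{image} loaded {dll}: {', '.join(reasons)}")
```

The Medium-integrity load is deliberately ignored because it offers no escalation, and the path containing `..` is normalized before matching so it cannot pass as a System32 load.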