The CMEXEC privilege allows the user's process
to execute the Change Mode to Executive ($CMEXEC) system service.
This system service lets a process change its
access mode to executive mode, execute a specified routine, and then
return to the access mode that was in effect before the system service
was called. While in executive mode, the process is allowed to execute
the Change Mode to Kernel ($CMKRNL) system service.
Grant this privilege only to users who need to
gain access to protected and sensitive data structures and internal
functions of the operating system. If unqualified users have unrestricted
access to sensitive data structures and functions, the operating system
and service to other users can be easily disrupted. Such disruptions
can include failure of the system, destruction of all system and user
data, and exposure of confidential information.