BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.