It is exploited by calling a remote procedure call function called rpcAddPrinterDriver. There is a buggy check that lets a user without the adequate privileges to load a driver on the remote system.
Since remote functions can be called locally as well, this is both a remote code execution (RCE) and local privilege escalation (LPE). For more information, see the original source: https://github.com/afwu/PrintNightmare
