Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-04-21 17:05
Updated : 2024-02-04 17:33
NVD link : CVE-2008-1436
Mitre link : CVE-2008-1436
CVE.ORG link : CVE-2008-1436
JSON object : View
Products Affected
microsoft
- windows_xp
- windows_server_2008
- windows_vista
- windows-nt
- windows_server_2003
CWE
CWE-264
Permissions, Privileges, and Access Controls