Privilege Escalation Vulnerability in Microsoft Windows Operating Systems
CVE-2008-1436

Currently unrated

What is CVE-2008-1436?

This vulnerability arises from the improper assignment of service accounts in Microsoft Windows operating systems, including XP Professional SP2, Vista, and Server 2003/2008. It allows attackers to exploit the relationship between services running under different security contexts, specifically NetworkService and LocalService. By leveraging these misconfigurations, an attacker can potentially elevate their privileges, gaining access to restricted resources that are otherwise protected by LocalSystem privileges. This flaw underlines the critical need for secure management of user rights, particularly regarding SeImpersonatePrivilege, to mitigate the risks of exploitation and enhance overall system security.

EPSS Score

61% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
