CVE-2008-1436

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2003; Windows Server 2008; Windows Vista
Vendor: CVE Published:; 21 April 2008

Summary

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

References

http://www.securitytracker.com/id?1019904

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/archive/1/491111/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 21, 2008
Vulnerability Reserved
Mar 21, 2008

Collectors

NVD DatabaseMitre Database