9
CVSSv2

CVE-2008-1436

Published: 21/04/2008 Updated: 26/02/2019
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent malicious users to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Exploits

source: wwwsecurityfocuscom/bid/28833/info Microsoft Windows is prone to a privilege-escalation vulnerability Successful exploits may allow authenticated users to elevate their privileges to NetworkService This allows attackers to execute code with elevated privileges and aids in further exploits githubcom/offensive-securit ...