Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent malicious users to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows xp |
||
microsoft windows server 2003 |
||
microsoft windows server 2008 |
||
microsoft windows vista - |
||
microsoft windows-nt vista |
||
microsoft windows vista |