Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2008-04-21T17:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2008-03-21T00:00:00
Link: CVE-2008-1436
JSON object: View
NVD Information
Status : Modified
Published: 2008-04-21T17:05:00.000
Modified: 2019-02-26T14:04:00.993
Link: CVE-2008-1436
JSON object: View
Redhat Information
No data.
CWE