CVE-2008-1436

Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Related CPE's

References

1019904

29867

http://isc.sans.org/diary.html?storyid=4306

http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx

http://www.microsoft.com/technet/security/advisory/951306.mspx

28833

http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html

http://www.argeniss.com/research/Churrasco.zip

http://milw0rm.com/sploits/2008-Churrasco.zip

http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html

http://www.argeniss.com/research/TokenKidnapping.pdf

ADV-2009-1026

TA09-104A

ADV-2008-1264

ms-windows-localsystem-privilege-escalation(41880)

6705

oval:org.mitre.oval:def:5891

20081008 Token Kidnapping Windows 2003 PoC exploit

20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available

MS09-012

CvssV3 impact

CvssV2 impact