CVE-2008-1436
Title: Microsoft Windows-Nt Auth Bypass
Proof Of Concept
PoC Available for CVE-2008-1436
Vulnerability Summary
CVE-2008-1436: Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
Impacted Vendors
Reference Links
AV:N/AC:L/Au:S/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2008-1436 Exploits & PoCs (Proof Of Concept)
Vulnerability data updated via NVD.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected Stack
No specific products linked.