Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1436

CWE-2646 documents6 sources
Severity
9.0CRITICAL
EPSS
57.9%
top 1.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows-nt
Timeline
PublishedApr 21
Latest updateMay 1

Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS),

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-wr44-5q83-5vf8: Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalServ2022-05-01
CVEList
CVE-2008-1436: Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalServ2008-04-21
VulnCheck
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 Privilege Escalation2008

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'SeImpersonatePrivilege' Local Privilege Escalation2008-04-17

💬Community

1
Bugzilla
CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup2008-06-27
CVE-2008-1436 (CRITICAL CVSS 9) | Microsoft Windows XP Professional S | cvebase.io