cvelistv5 - cve-2008-1436

CVE-2008-1436 (GCVE-0-2008-1436)

Vulnerability from cvelistv5 – Published: 2008-04-21 17:00 – Updated: 2024-08-07 08:24

Summary

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id?1019904	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/491111/100…	mailing-listx_refsource_BUGTRAQ
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/1264…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29867	third-party-advisoryx_refsource_SECUNIA
	http://securitywatch.eweek.com/flaws/microsoft_be…	x_refsource_MISC
	https://www.exploit-db.com/exploits/6705	exploitx_refsource_EXPLOIT-DB
	http://nomoreroot.blogspot.com/2008/10/windows-20…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	third-party-advisoryx_refsource_CERT
	http://www.argeniss.com/research/TokenKidnapping.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/28833	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.argeniss.com/research/Churrasco.zip	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/497168/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2009/1026	vdb-entryx_refsource_VUPEN
	http://isc.sans.org/diary.html?storyid=4306	x_refsource_MISC
	http://milw0rm.com/sploits/2008-Churrasco.zip	x_refsource_MISC
	http://blogs.technet.com/msrc/archive/2008/04/17/…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019904",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019904"
          },
          {
            "name": "oval:org.mitre.oval:def:5891",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
          },
          {
            "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
          },
          {
            "name": "ADV-2008-1264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1264/references"
          },
          {
            "name": "29867",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29867"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
          },
          {
            "name": "6705",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6705"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
          },
          {
            "name": "TA09-104A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
          },
          {
            "name": "28833",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28833"
          },
          {
            "name": "ms-windows-localsystem-privilege-escalation(41880)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/Churrasco.zip"
          },
          {
            "name": "MS09-012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
          },
          {
            "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
          },
          {
            "name": "ADV-2009-1026",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1026"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=4306"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1019904",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019904"
        },
        {
          "name": "oval:org.mitre.oval:def:5891",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
        },
        {
          "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
        },
        {
          "name": "ADV-2008-1264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1264/references"
        },
        {
          "name": "29867",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29867"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
        },
        {
          "name": "6705",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6705"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
        },
        {
          "name": "TA09-104A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
        },
        {
          "name": "28833",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28833"
        },
        {
          "name": "ms-windows-localsystem-privilege-escalation(41880)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/Churrasco.zip"
        },
        {
          "name": "MS09-012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
        },
        {
          "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
        },
        {
          "name": "ADV-2009-1026",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1026"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=4306"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-1436",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019904",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019904"
            },
            {
              "name": "oval:org.mitre.oval:def:5891",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
            },
            {
              "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
            },
            {
              "name": "ADV-2008-1264",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1264/references"
            },
            {
              "name": "29867",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29867"
            },
            {
              "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
              "refsource": "MISC",
              "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
            },
            {
              "name": "6705",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6705"
            },
            {
              "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
              "refsource": "MISC",
              "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
            },
            {
              "name": "28833",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28833"
            },
            {
              "name": "ms-windows-localsystem-privilege-escalation(41880)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
            },
            {
              "name": "http://www.argeniss.com/research/Churrasco.zip",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/Churrasco.zip"
            },
            {
              "name": "MS09-012",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
            },
            {
              "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
            },
            {
              "name": "ADV-2009-1026",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1026"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=4306",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=4306"
            },
            {
              "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
              "refsource": "MISC",
              "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-1436",
    "datePublished": "2008-04-21T17:00:00",
    "dateReserved": "2008-03-21T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"C52FFD3E-195E-4A61-9789-AF5A3EFB3A62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E15E896-99D9-4558-B85E-069D2F2EA565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"0BA8CAFA-7C40-4692-A7C4-403315BF3E6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA778424-6F70-4AB6-ADD5-5D4664DFE463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"BCE2197B-7C58-4693-B9BB-0B31EABB6B66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"9CFB1A97-8042-4497-A45D-C014B5E240AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"7F9C7616-658D-409D-8B53-AC00DC55602A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Windows XP Professional SP2, vista y Server 2003 y 2008 no asignan apropiadamente las actividades a las cuentas (1) NetworkService y (2) LocalService, lo que podr\\u00eda permitir que los atacantes dependientes del contexto consigan privilegios mediante el uso de un proceso de servicio para capturar un recurso de un segundo proceso de servicio que tiene una capacidad de escalado de privilegios LocalSystem, relacionada con la administraci\\u00f3n inadecuada del derecho de usuario SeImpersonatePrivilege, como se inform\\u00f3 originalmente para Internet Information Services (IIS), tambi\\u00e9n se conoce como token Secuestro.\"}]",
      "id": "CVE-2008-1436",
      "lastModified": "2024-11-21T00:44:31.603",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-04-21T17:05:00.000",
      "references": "[{\"url\": \"http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=4306\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://milw0rm.com/sploits/2008-Churrasco.zip\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/29867\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.argeniss.com/research/Churrasco.zip\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.argeniss.com/research/TokenKidnapping.pdf\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/951306.mspx\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/491111/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/497168/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/28833\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1019904\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1264/references\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1026\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41880\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/6705\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=4306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://milw0rm.com/sploits/2008-Churrasco.zip\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29867\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.argeniss.com/research/Churrasco.zip\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.argeniss.com/research/TokenKidnapping.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/951306.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/491111/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/497168/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1264/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41880\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/6705\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1436\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-04-21T17:05:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.\"},{\"lang\":\"es\",\"value\":\"Microsoft Windows XP Professional SP2, vista y Server 2003 y 2008 no asignan apropiadamente las actividades a las cuentas (1) NetworkService y (2) LocalService, lo que podr\u00eda permitir que los atacantes dependientes del contexto consigan privilegios mediante el uso de un proceso de servicio para capturar un recurso de un segundo proceso de servicio que tiene una capacidad de escalado de privilegios LocalSystem, relacionada con la administraci\u00f3n inadecuada del derecho de usuario SeImpersonatePrivilege, como se inform\u00f3 originalmente para Internet Information Services (IIS), tambi\u00e9n se conoce como token Secuestro.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"C52FFD3E-195E-4A61-9789-AF5A3EFB3A62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E15E896-99D9-4558-B85E-069D2F2EA565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"0BA8CAFA-7C40-4692-A7C4-403315BF3E6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA778424-6F70-4AB6-ADD5-5D4664DFE463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"BCE2197B-7C58-4693-B9BB-0B31EABB6B66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1A97-8042-4497-A45D-C014B5E240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=4306\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://milw0rm.com/sploits/2008-Churrasco.zip\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/29867\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.argeniss.com/research/Churrasco.zip\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.argeniss.com/research/TokenKidnapping.pdf\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.microsoft.com/technet/security/advisory/951306.mspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/491111/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/497168/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/28833\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1019904\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1264/references\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1026\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41880\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.exploit-db.com/exploits/6705\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=4306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://milw0rm.com/sploits/2008-Churrasco.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29867\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.argeniss.com/research/Churrasco.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.argeniss.com/research/TokenKidnapping.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.microsoft.com/technet/security/advisory/951306.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/491111/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/497168/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1264/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/6705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-1436

Vulnerability from fkie_nvd - Published: 2008-04-21 17:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx
secure@microsoft.com	http://isc.sans.org/diary.html?storyid=4306
secure@microsoft.com	http://milw0rm.com/sploits/2008-Churrasco.zip
secure@microsoft.com	http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
secure@microsoft.com	http://secunia.com/advisories/29867	Vendor Advisory
secure@microsoft.com	http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html
secure@microsoft.com	http://www.argeniss.com/research/Churrasco.zip
secure@microsoft.com	http://www.argeniss.com/research/TokenKidnapping.pdf
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/951306.mspx
secure@microsoft.com	http://www.securityfocus.com/archive/1/491111/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/497168/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/28833
secure@microsoft.com	http://www.securitytracker.com/id?1019904
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/1264/references	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1026	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41880
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891
secure@microsoft.com	https://www.exploit-db.com/exploits/6705
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=4306
af854a3a-2127-422b-91ae-364da2661108	http://milw0rm.com/sploits/2008-Churrasco.zip
af854a3a-2127-422b-91ae-364da2661108	http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29867	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/Churrasco.zip
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/TokenKidnapping.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/951306.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491111/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/497168/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28833
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019904
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1264/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1026	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41880
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6705

Impacted products

Vendor	Product	Version
microsoft	windows-nt	vista
microsoft	windows-nt	vista
microsoft	windows-nt	vista
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C52FFD3E-195E-4A61-9789-AF5A3EFB3A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9E15E896-99D9-4558-B85E-069D2F2EA565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "0BA8CAFA-7C40-4692-A7C4-403315BF3E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
    },
    {
      "lang": "es",
      "value": "Microsoft Windows XP Professional SP2, vista y Server 2003 y 2008 no asignan apropiadamente las actividades a las cuentas (1) NetworkService y (2) LocalService, lo que podr\u00eda permitir que los atacantes dependientes del contexto consigan privilegios mediante el uso de un proceso de servicio para capturar un recurso de un segundo proceso de servicio que tiene una capacidad de escalado de privilegios LocalSystem, relacionada con la administraci\u00f3n inadecuada del derecho de usuario SeImpersonatePrivilege, como se inform\u00f3 originalmente para Internet Information Services (IIS), tambi\u00e9n se conoce como token Secuestro."
    }
  ],
  "id": "CVE-2008-1436",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-21T17:05:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://isc.sans.org/diary.html?storyid=4306"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29867"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.argeniss.com/research/Churrasco.zip"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/28833"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019904"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1264/references"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1026"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/6705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=4306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.argeniss.com/research/Churrasco.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1264/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6705"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-142

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Microsoft Windows. Leur exploitation peut conduire à une élévation de privilèges.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Microsoft Windows. Elles concernent :

le service de transaction MSDTC (Microsoft Distributed Transaction Coordinator) qui permet d'obtenir certains jetons (NetworkService) lors d'appels RPC ;
le service de gestion WMI (Windows Management Instrumentation) qui permet de récupérer sous certaines conditions les privilèges au niveau LocalSYSTEM ;
le service serveur RPC (RPCSS) qui permet de récupérer sous certaines conditions les droits LocalSYSTEM ;
la classe ThreadPool de Windows qui permet également d'exécuter, selon le positionnement des listes de contrôles d'accès des threads, du code avec des droits élevés LocalSYSTEM.

Certaines de ces vulnérabilités ont fait l'objet de l'alerte CERTA-2008-ALE-012 publiée le 10 octobre 2008.

Solution

Se référer au bulletin de sécurité MS09-012 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et 2, y compris pour les systèmes x64 et Itanium ;
Microsoft	Windows	Microsoft Windows Vista, Service Pack 1 inclus, y compris pour les versions x64 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes 32 bits, x64 et Itanium.
Microsoft	Windows	Microsoft Windows XP Service Pack 2 et 3 ;
Microsoft	Windows	Microsoft Windows XP Professional Edition pour systèmes x64, Service Pack 2 compris ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009	None	vendor-advisory
Alerte du CERTA CERTA-2008-ALE-012 du 10 octobre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et 2, y compris pour les syst\u00e8mes x64 et Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista, Service Pack 1 inclus, y compris pour les versions x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits, x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 et 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Professional Edition pour syst\u00e8mes x64, Service Pack 2 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Microsoft Windows. Elles concernent\u00a0:\n\n-   le service de transaction MSDTC (Microsoft Distributed Transaction\n    Coordinator) qui permet d\u0027obtenir certains jetons (NetworkService)\n    lors d\u0027appels RPC\u00a0;\n-   le service de gestion WMI (Windows Management Instrumentation) qui\n    permet de r\u00e9cup\u00e9rer sous certaines conditions les privil\u00e8ges au\n    niveau LocalSYSTEM\u00a0;\n-   le service serveur RPC (RPCSS) qui permet de r\u00e9cup\u00e9rer sous\n    certaines conditions les droits LocalSYSTEM\u00a0;\n-   la classe ThreadPool de Windows qui permet \u00e9galement d\u0027ex\u00e9cuter,\n    selon le positionnement des listes de contr\u00f4les d\u0027acc\u00e8s des threads,\n    du code avec des droits \u00e9lev\u00e9s LocalSYSTEM.\n\nCertaines de ces vuln\u00e9rabilit\u00e9s ont fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-012 publi\u00e9e le 10 octobre 2008.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-012 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0080"
    },
    {
      "name": "CVE-2008-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1436"
    },
    {
      "name": "CVE-2009-0079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0079"
    },
    {
      "name": "CVE-2009-0078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0078"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2008-ALE-012 du 10 octobre    2008\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-012/"
    }
  ],
  "reference": "CERTA-2009-AVI-142",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Microsoft Windows. Leur exploitation peut conduire \u00e0 une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx"
    }
  ]
}

CERTA-2009-AVI-142

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Microsoft Windows. Leur exploitation peut conduire à une élévation de privilèges.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Microsoft Windows. Elles concernent :

le service de transaction MSDTC (Microsoft Distributed Transaction Coordinator) qui permet d'obtenir certains jetons (NetworkService) lors d'appels RPC ;
le service de gestion WMI (Windows Management Instrumentation) qui permet de récupérer sous certaines conditions les privilèges au niveau LocalSYSTEM ;
le service serveur RPC (RPCSS) qui permet de récupérer sous certaines conditions les droits LocalSYSTEM ;
la classe ThreadPool de Windows qui permet également d'exécuter, selon le positionnement des listes de contrôles d'accès des threads, du code avec des droits élevés LocalSYSTEM.

Certaines de ces vulnérabilités ont fait l'objet de l'alerte CERTA-2008-ALE-012 publiée le 10 octobre 2008.

Solution

Se référer au bulletin de sécurité MS09-012 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et 2, y compris pour les systèmes x64 et Itanium ;
Microsoft	Windows	Microsoft Windows Vista, Service Pack 1 inclus, y compris pour les versions x64 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes 32 bits, x64 et Itanium.
Microsoft	Windows	Microsoft Windows XP Service Pack 2 et 3 ;
Microsoft	Windows	Microsoft Windows XP Professional Edition pour systèmes x64, Service Pack 2 compris ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009	None	vendor-advisory
Alerte du CERTA CERTA-2008-ALE-012 du 10 octobre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et 2, y compris pour les syst\u00e8mes x64 et Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista, Service Pack 1 inclus, y compris pour les versions x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits, x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 et 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Professional Edition pour syst\u00e8mes x64, Service Pack 2 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Microsoft Windows. Elles concernent\u00a0:\n\n-   le service de transaction MSDTC (Microsoft Distributed Transaction\n    Coordinator) qui permet d\u0027obtenir certains jetons (NetworkService)\n    lors d\u0027appels RPC\u00a0;\n-   le service de gestion WMI (Windows Management Instrumentation) qui\n    permet de r\u00e9cup\u00e9rer sous certaines conditions les privil\u00e8ges au\n    niveau LocalSYSTEM\u00a0;\n-   le service serveur RPC (RPCSS) qui permet de r\u00e9cup\u00e9rer sous\n    certaines conditions les droits LocalSYSTEM\u00a0;\n-   la classe ThreadPool de Windows qui permet \u00e9galement d\u0027ex\u00e9cuter,\n    selon le positionnement des listes de contr\u00f4les d\u0027acc\u00e8s des threads,\n    du code avec des droits \u00e9lev\u00e9s LocalSYSTEM.\n\nCertaines de ces vuln\u00e9rabilit\u00e9s ont fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-012 publi\u00e9e le 10 octobre 2008.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-012 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0080"
    },
    {
      "name": "CVE-2008-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1436"
    },
    {
      "name": "CVE-2009-0079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0079"
    },
    {
      "name": "CVE-2009-0078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0078"
    }
  ],
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2008-ALE-012 du 10 octobre    2008\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-012/"
    }
  ],
  "reference": "CERTA-2009-AVI-142",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Microsoft Windows. Leur exploitation peut conduire \u00e0 une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx"
    }
  ]
}

GHSA-WR44-5Q83-5VF8

Vulnerability from github – Published: 2022-05-01 23:40 – Updated: 2022-05-01 23:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1436"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-21T17:05:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.",
  "id": "GHSA-wr44-5q83-5vf8",
  "modified": "2022-05-01T23:40:08Z",
  "published": "2022-05-01T23:40:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1436"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6705"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=4306"
    },
    {
      "type": "WEB",
      "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
    },
    {
      "type": "WEB",
      "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29867"
    },
    {
      "type": "WEB",
      "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
    },
    {
      "type": "WEB",
      "url": "http://www.argeniss.com/research/Churrasco.zip"
    },
    {
      "type": "WEB",
      "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28833"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019904"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1264/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-ALE-012

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans Microsoft Windows permet à un utilisateur malintentionné d'élever ses privilèges à ceux de LocalSystem.

Description

Une vulnérabilité dans Microsoft Windows permet à un utilisateur malveillant, authentifié sur le système avec le compte NetworkService ou LocalService, d'élever ses privilèges au moyen d'un code exécutable malveillant.

Le service Internet Information Services (IIS) ou encore SQL Server permettent à un utilisateur d'accéder au système avec les comptes lui permettant d'exploiter la vulnérabilité décrite. Cependant, Microsoft annonce que tout service bénéficiant des privilèges SeImpersonatePrivilege peut être vulnérable et être utilisé par un individu malintentionné pour élever ses privilèges sur le système.

Cette vulnérabilité implique que l'utilisateur malveillant puisse télécharger et exécuter sur le serveur vulnérable un fichier exécutable malveillant.

Le savoir-faire nécessaire pour exploiter cette vulnérabilité est disponible sur l'Internet et peut être modifié par un utilisateur malveillant afin d'élever ses privilèges au travers d'autres services qu'Internet Information Services ou SQL Server.

Contournement provisoire

Microsoft propose trois contournements provisoires pour le service Internet Information Service version 6.0 et 7.0 à l'adresse suivante :

http://www.microsoft.com/technet/security/advisory/951306.mspx

Le CERTA recommande les actions suivantes :

interdire l'exécution de programme tiers par les services vulnérables accessibles depuis une zone non-sûre ;
interdire le téléchargement de fichiers distants sur le serveur ;
vérifier le contenu des fichiers téléchargés sur le serveur ;
autoriser l'accès au serveur uniquement aux utilisateurs de confiance.

Solution

Se référer au bulletin de sécurité MS09-012 de Microsoft pour l'obtention des correctifs (cf. section Documentation). Ce dernier est présenté dans l'avis CERTA-2009-AVI-142 du 15 avril 2009.

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2008 32-bit, x64 et système Itanium.
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition et x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition et Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista et Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 et Service Pack 3 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 pour système Itanium ;

References

Title

Publication Time

Tags

Bloc-note de Microsoft Security Response Center du 09 octobre 2008	None	vendor-advisory
Avis du CERTA CERTA-2009-AVI-142 du 15 avril 2009 :	-	other
Bloc-note de Microsoft Security Response Center du 09 octobre 2008 :	-	other
Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009 :	-	other
Bulletin de sécurité Microsoft #951306 du 17 avril 2008 :	-	other
Référence CVE CVE-2008-1436 :	-	other
Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2008 32-bit, x64 et syst\u00e8me Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition et x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition et Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista et Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 et Service Pack 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-04-15",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans Microsoft Windows permet \u00e0 un utilisateur\nmalveillant, authentifi\u00e9 sur le syst\u00e8me avec le compte NetworkService ou\nLocalService, d\u0027\u00e9lever ses privil\u00e8ges au moyen d\u0027un code ex\u00e9cutable\nmalveillant.\n\nLe service Internet Information Services (IIS) ou encore SQL Server\npermettent \u00e0 un utilisateur d\u0027acc\u00e9der au syst\u00e8me avec les comptes lui\npermettant d\u0027exploiter la vuln\u00e9rabilit\u00e9 d\u00e9crite. Cependant, Microsoft\nannonce que tout service b\u00e9n\u00e9ficiant des privil\u00e8ges\nSeImpersonatePrivilege peut \u00eatre vuln\u00e9rable et \u00eatre utilis\u00e9 par un\nindividu malintentionn\u00e9 pour \u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n\nCette vuln\u00e9rabilit\u00e9 implique que l\u0027utilisateur malveillant puisse\nt\u00e9l\u00e9charger et ex\u00e9cuter sur le serveur vuln\u00e9rable un fichier ex\u00e9cutable\nmalveillant.\n\nLe savoir-faire n\u00e9cessaire pour exploiter cette vuln\u00e9rabilit\u00e9 est\ndisponible sur l\u0027Internet et peut \u00eatre modifi\u00e9 par un utilisateur\nmalveillant afin d\u0027\u00e9lever ses privil\u00e8ges au travers d\u0027autres services\nqu\u0027Internet Information Services ou SQL Server.\n\n## Contournement provisoire\n\nMicrosoft propose trois contournements provisoires pour le service\nInternet Information Service version 6.0 et 7.0 \u00e0 l\u0027adresse suivante :\n\n    http://www.microsoft.com/technet/security/advisory/951306.mspx\n\nLe CERTA recommande les actions suivantes :\n\n-   interdire l\u0027ex\u00e9cution de programme tiers par les services\n    vuln\u00e9rables accessibles depuis une zone non-s\u00fbre ;\n-   interdire le t\u00e9l\u00e9chargement de fichiers distants sur le serveur ;\n-   v\u00e9rifier le contenu des fichiers t\u00e9l\u00e9charg\u00e9s sur le serveur ;\n-   autoriser l\u0027acc\u00e8s au serveur uniquement aux utilisateurs de\n    confiance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-012 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation). Ce dernier est\npr\u00e9sent\u00e9 dans l\u0027avis CERTA-2009-AVI-142 du 15 avril 2009.\n",
  "cves": [
    {
      "name": "CVE-2008-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1436"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2009-AVI-142 du 15 avril 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-142/"
    },
    {
      "title": "Bloc-note de Microsoft Security Response Center du 09    octobre 2008 :",
      "url": "http://blogs.technet.com/msrc/archive/2008/10/09/update-1-microsoft-security-advisory-951306.aspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft #951306 du 17 avril 2008 :",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2008-1436 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename=CVE-2008-1436"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-012.mspx"
    }
  ],
  "reference": "CERTA-2008-ALE-012",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-10T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Microsoft MS09-012.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft Windows permet \u00e0 un utilisateur\nmalintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de LocalSystem.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bloc-note de Microsoft Security Response Center du 09 octobre 2008",
      "url": null
    }
  ]
}

CERTA-2008-ALE-012

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans Microsoft Windows permet à un utilisateur malintentionné d'élever ses privilèges à ceux de LocalSystem.

Description

Cette vulnérabilité implique que l'utilisateur malveillant puisse télécharger et exécuter sur le serveur vulnérable un fichier exécutable malveillant.

Contournement provisoire

Microsoft propose trois contournements provisoires pour le service Internet Information Service version 6.0 et 7.0 à l'adresse suivante :

http://www.microsoft.com/technet/security/advisory/951306.mspx

Le CERTA recommande les actions suivantes :

interdire l'exécution de programme tiers par les services vulnérables accessibles depuis une zone non-sûre ;
interdire le téléchargement de fichiers distants sur le serveur ;
vérifier le contenu des fichiers téléchargés sur le serveur ;
autoriser l'accès au serveur uniquement aux utilisateurs de confiance.

Solution

Se référer au bulletin de sécurité MS09-012 de Microsoft pour l'obtention des correctifs (cf. section Documentation). Ce dernier est présenté dans l'avis CERTA-2009-AVI-142 du 15 avril 2009.

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2008 32-bit, x64 et système Itanium.
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition et x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition et Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista et Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 et Service Pack 3 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 pour système Itanium ;

References

Title

Publication Time

Tags

Bloc-note de Microsoft Security Response Center du 09 octobre 2008	None	vendor-advisory
Avis du CERTA CERTA-2009-AVI-142 du 15 avril 2009 :	-	other
Bloc-note de Microsoft Security Response Center du 09 octobre 2008 :	-	other
Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009 :	-	other
Bulletin de sécurité Microsoft #951306 du 17 avril 2008 :	-	other
Référence CVE CVE-2008-1436 :	-	other
Bulletin de sécurité Microsoft MS09-012 du 14 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2008 32-bit, x64 et syst\u00e8me Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition et x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition et Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista et Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 et Service Pack 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Service Pack 2 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-04-15",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans Microsoft Windows permet \u00e0 un utilisateur\nmalveillant, authentifi\u00e9 sur le syst\u00e8me avec le compte NetworkService ou\nLocalService, d\u0027\u00e9lever ses privil\u00e8ges au moyen d\u0027un code ex\u00e9cutable\nmalveillant.\n\nLe service Internet Information Services (IIS) ou encore SQL Server\npermettent \u00e0 un utilisateur d\u0027acc\u00e9der au syst\u00e8me avec les comptes lui\npermettant d\u0027exploiter la vuln\u00e9rabilit\u00e9 d\u00e9crite. Cependant, Microsoft\nannonce que tout service b\u00e9n\u00e9ficiant des privil\u00e8ges\nSeImpersonatePrivilege peut \u00eatre vuln\u00e9rable et \u00eatre utilis\u00e9 par un\nindividu malintentionn\u00e9 pour \u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n\nCette vuln\u00e9rabilit\u00e9 implique que l\u0027utilisateur malveillant puisse\nt\u00e9l\u00e9charger et ex\u00e9cuter sur le serveur vuln\u00e9rable un fichier ex\u00e9cutable\nmalveillant.\n\nLe savoir-faire n\u00e9cessaire pour exploiter cette vuln\u00e9rabilit\u00e9 est\ndisponible sur l\u0027Internet et peut \u00eatre modifi\u00e9 par un utilisateur\nmalveillant afin d\u0027\u00e9lever ses privil\u00e8ges au travers d\u0027autres services\nqu\u0027Internet Information Services ou SQL Server.\n\n## Contournement provisoire\n\nMicrosoft propose trois contournements provisoires pour le service\nInternet Information Service version 6.0 et 7.0 \u00e0 l\u0027adresse suivante :\n\n    http://www.microsoft.com/technet/security/advisory/951306.mspx\n\nLe CERTA recommande les actions suivantes :\n\n-   interdire l\u0027ex\u00e9cution de programme tiers par les services\n    vuln\u00e9rables accessibles depuis une zone non-s\u00fbre ;\n-   interdire le t\u00e9l\u00e9chargement de fichiers distants sur le serveur ;\n-   v\u00e9rifier le contenu des fichiers t\u00e9l\u00e9charg\u00e9s sur le serveur ;\n-   autoriser l\u0027acc\u00e8s au serveur uniquement aux utilisateurs de\n    confiance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-012 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation). Ce dernier est\npr\u00e9sent\u00e9 dans l\u0027avis CERTA-2009-AVI-142 du 15 avril 2009.\n",
  "cves": [
    {
      "name": "CVE-2008-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1436"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2009-AVI-142 du 15 avril 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-142/"
    },
    {
      "title": "Bloc-note de Microsoft Security Response Center du 09    octobre 2008 :",
      "url": "http://blogs.technet.com/msrc/archive/2008/10/09/update-1-microsoft-security-advisory-951306.aspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft #951306 du 17 avril 2008 :",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2008-1436 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename=CVE-2008-1436"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-012 du 14 avril 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-012.mspx"
    }
  ],
  "reference": "CERTA-2008-ALE-012",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-10T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Microsoft MS09-012.",
      "revision_date": "2009-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Microsoft Windows permet \u00e0 un utilisateur\nmalintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges \u00e0 ceux de LocalSystem.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bloc-note de Microsoft Security Response Center du 09 octobre 2008",
      "url": null
    }
  ]
}

GSD-2008-1436

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1436

Aliases

CVE-2008-1436

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1436",
    "description": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.",
    "id": "GSD-2008-1436"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1436"
      ],
      "details": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.",
      "id": "GSD-2008-1436",
      "modified": "2023-12-13T01:23:03.064324Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-1436",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1019904",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019904"
          },
          {
            "name": "oval:org.mitre.oval:def:5891",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
          },
          {
            "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
          },
          {
            "name": "ADV-2008-1264",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1264/references"
          },
          {
            "name": "29867",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29867"
          },
          {
            "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
            "refsource": "MISC",
            "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
          },
          {
            "name": "6705",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/6705"
          },
          {
            "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
            "refsource": "MISC",
            "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
          },
          {
            "name": "TA09-104A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
            "refsource": "MISC",
            "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
          },
          {
            "name": "28833",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28833"
          },
          {
            "name": "ms-windows-localsystem-privilege-escalation(41880)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
          },
          {
            "name": "http://www.argeniss.com/research/Churrasco.zip",
            "refsource": "MISC",
            "url": "http://www.argeniss.com/research/Churrasco.zip"
          },
          {
            "name": "MS09-012",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
          },
          {
            "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
          },
          {
            "name": "ADV-2009-1026",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1026"
          },
          {
            "name": "http://isc.sans.org/diary.html?storyid=4306",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?storyid=4306"
          },
          {
            "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
            "refsource": "MISC",
            "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-1436"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019904",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019904"
            },
            {
              "name": "29867",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29867"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=4306",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.html?storyid=4306"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
            },
            {
              "name": "28833",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28833"
            },
            {
              "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
            },
            {
              "name": "http://www.argeniss.com/research/Churrasco.zip",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.argeniss.com/research/Churrasco.zip"
            },
            {
              "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
              "refsource": "MISC",
              "tags": [],
              "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
            },
            {
              "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
            },
            {
              "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
            },
            {
              "name": "ADV-2009-1026",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1026"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "ADV-2008-1264",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1264/references"
            },
            {
              "name": "ms-windows-localsystem-privilege-escalation(41880)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
            },
            {
              "name": "6705",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/6705"
            },
            {
              "name": "oval:org.mitre.oval:def:5891",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
            },
            {
              "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
            },
            {
              "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
            },
            {
              "name": "MS09-012",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-02-26T14:04Z",
      "publishedDate": "2008-04-21T17:05Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1436 (GCVE-0-2008-1436)

FKIE_CVE-2008-1436

CERTA-2009-AVI-142

Description

Solution

CERTA-2009-AVI-142

Description

Solution

GHSA-WR44-5Q83-5VF8

CERTA-2008-ALE-012

Description

Contournement provisoire

Solution

CERTA-2008-ALE-012

Description

Contournement provisoire

Solution

GSD-2008-1436

Tags

Sightings

Nomenclature