fkie_nvd - fkie_cve-2008-1436

FKIE_CVE-2008-1436

Vulnerability from fkie_nvd - Published: 2008-04-21 17:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx
secure@microsoft.com	http://isc.sans.org/diary.html?storyid=4306
secure@microsoft.com	http://milw0rm.com/sploits/2008-Churrasco.zip
secure@microsoft.com	http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
secure@microsoft.com	http://secunia.com/advisories/29867	Vendor Advisory
secure@microsoft.com	http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html
secure@microsoft.com	http://www.argeniss.com/research/Churrasco.zip
secure@microsoft.com	http://www.argeniss.com/research/TokenKidnapping.pdf
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/951306.mspx
secure@microsoft.com	http://www.securityfocus.com/archive/1/491111/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/497168/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/28833
secure@microsoft.com	http://www.securitytracker.com/id?1019904
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/1264/references	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1026	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41880
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891
secure@microsoft.com	https://www.exploit-db.com/exploits/6705
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=4306
af854a3a-2127-422b-91ae-364da2661108	http://milw0rm.com/sploits/2008-Churrasco.zip
af854a3a-2127-422b-91ae-364da2661108	http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29867	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/Churrasco.zip
af854a3a-2127-422b-91ae-364da2661108	http://www.argeniss.com/research/TokenKidnapping.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/951306.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491111/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/497168/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28833
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019904
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1264/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1026	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41880
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6705

Impacted products

Vendor	Product	Version
microsoft	windows-nt	vista
microsoft	windows-nt	vista
microsoft	windows-nt	vista
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "C52FFD3E-195E-4A61-9789-AF5A3EFB3A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9E15E896-99D9-4558-B85E-069D2F2EA565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "0BA8CAFA-7C40-4692-A7C4-403315BF3E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
    },
    {
      "lang": "es",
      "value": "Microsoft Windows XP Professional SP2, vista y Server 2003 y 2008 no asignan apropiadamente las actividades a las cuentas (1) NetworkService y (2) LocalService, lo que podr\u00eda permitir que los atacantes dependientes del contexto consigan privilegios mediante el uso de un proceso de servicio para capturar un recurso de un segundo proceso de servicio que tiene una capacidad de escalado de privilegios LocalSystem, relacionada con la administraci\u00f3n inadecuada del derecho de usuario SeImpersonatePrivilege, como se inform\u00f3 originalmente para Internet Information Services (IIS), tambi\u00e9n se conoce como token Secuestro."
    }
  ],
  "id": "CVE-2008-1436",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-21T17:05:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://isc.sans.org/diary.html?storyid=4306"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29867"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.argeniss.com/research/Churrasco.zip"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/28833"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019904"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1264/references"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1026"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/6705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=4306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.argeniss.com/research/Churrasco.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1264/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6705"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-1436 (GCVE-0-2008-1436)

Vulnerability from cvelistv5 – Published: 2008-04-21 17:00 – Updated: 2024-08-07 08:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id?1019904	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/491111/100…	mailing-listx_refsource_BUGTRAQ
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/1264…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29867	third-party-advisoryx_refsource_SECUNIA
	http://securitywatch.eweek.com/flaws/microsoft_be…	x_refsource_MISC
	https://www.exploit-db.com/exploits/6705	exploitx_refsource_EXPLOIT-DB
	http://nomoreroot.blogspot.com/2008/10/windows-20…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	third-party-advisoryx_refsource_CERT
	http://www.argeniss.com/research/TokenKidnapping.pdf	x_refsource_MISC
	http://www.securityfocus.com/bid/28833	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.argeniss.com/research/Churrasco.zip	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/497168/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2009/1026	vdb-entryx_refsource_VUPEN
	http://isc.sans.org/diary.html?storyid=4306	x_refsource_MISC
	http://milw0rm.com/sploits/2008-Churrasco.zip	x_refsource_MISC
	http://blogs.technet.com/msrc/archive/2008/04/17/…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019904",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019904"
          },
          {
            "name": "oval:org.mitre.oval:def:5891",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
          },
          {
            "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
          },
          {
            "name": "ADV-2008-1264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1264/references"
          },
          {
            "name": "29867",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29867"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
          },
          {
            "name": "6705",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6705"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
          },
          {
            "name": "TA09-104A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
          },
          {
            "name": "28833",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28833"
          },
          {
            "name": "ms-windows-localsystem-privilege-escalation(41880)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.argeniss.com/research/Churrasco.zip"
          },
          {
            "name": "MS09-012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
          },
          {
            "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
          },
          {
            "name": "ADV-2009-1026",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1026"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=4306"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1019904",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019904"
        },
        {
          "name": "oval:org.mitre.oval:def:5891",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
        },
        {
          "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
        },
        {
          "name": "ADV-2008-1264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1264/references"
        },
        {
          "name": "29867",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29867"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
        },
        {
          "name": "6705",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6705"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
        },
        {
          "name": "TA09-104A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
        },
        {
          "name": "28833",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28833"
        },
        {
          "name": "ms-windows-localsystem-privilege-escalation(41880)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.argeniss.com/research/Churrasco.zip"
        },
        {
          "name": "MS09-012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
        },
        {
          "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
        },
        {
          "name": "ADV-2009-1026",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1026"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=4306"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-1436",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019904",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019904"
            },
            {
              "name": "oval:org.mitre.oval:def:5891",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891"
            },
            {
              "name": "20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491111/100/0/threaded"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/951306.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/951306.mspx"
            },
            {
              "name": "ADV-2008-1264",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1264/references"
            },
            {
              "name": "29867",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29867"
            },
            {
              "name": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html",
              "refsource": "MISC",
              "url": "http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html"
            },
            {
              "name": "6705",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6705"
            },
            {
              "name": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html",
              "refsource": "MISC",
              "url": "http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "http://www.argeniss.com/research/TokenKidnapping.pdf",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/TokenKidnapping.pdf"
            },
            {
              "name": "28833",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28833"
            },
            {
              "name": "ms-windows-localsystem-privilege-escalation(41880)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41880"
            },
            {
              "name": "http://www.argeniss.com/research/Churrasco.zip",
              "refsource": "MISC",
              "url": "http://www.argeniss.com/research/Churrasco.zip"
            },
            {
              "name": "MS09-012",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012"
            },
            {
              "name": "20081008 Token Kidnapping Windows 2003 PoC exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497168/100/0/threaded"
            },
            {
              "name": "ADV-2009-1026",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1026"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=4306",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=4306"
            },
            {
              "name": "http://milw0rm.com/sploits/2008-Churrasco.zip",
              "refsource": "MISC",
              "url": "http://milw0rm.com/sploits/2008-Churrasco.zip"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-1436",
    "datePublished": "2008-04-21T17:00:00",
    "dateReserved": "2008-03-21T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2008-1436

CVE-2008-1436 (GCVE-0-2008-1436)

Tags

Sightings

Nomenclature