CVE-2008-1436 Information

Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 do not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Reference

http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx
http://isc.sans.org/diary.html?storyid=4306
http://milw0rm.com/sploits/2008-Churrasco.zip
http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
http://secunia.com/advisories/29867
http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html
http://www.argeniss.com/research/Churrasco.zip
http://www.argeniss.com/research/TokenKidnapping.pdf
http://www.microsoft.com/technet/security/advisory/951306.mspx
http://www.securityfocus.com/archive/1/491111/100/0/threaded
http://www.securityfocus.com/archive/1/497168/100/0/threaded
http://www.securityfocus.com/bid/28833
http://www.securitytracker.com/id?1019904
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://www.vupen.com/english/advisories/2008/1264/references
http://www.vupen.com/english/advisories/2009/1026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012
https://exchange.xforce.ibmcloud.com/vulnerabilities/41880
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5891
https://www.exploit-db.com/exploits/6705
