CVE-2008-1436
EXPLOITED
Microsoft Windows XP-Vista-2003-2008 - Privilege Escalation
Title source: llm
Description
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 do not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Cesar Cerrudo · text · local · windows
https://www.exploit-db.com/exploits/6705
exploitdb
SUSPICIOUS
VERIFIED
by Cesar Cerrudo · text · local · windows
https://www.exploit-db.com/exploits/31667
References (20)
Scores
EPSS
0.5788
EPSS Percentile
98.2%
Details
VulnCheck KEV
2009-04-14
CWE
CWE-264
Status
published
Products (5)
microsoft/windows-nt
vista sp1 (3 CPE variants)
microsoft/windows_server_2003
(4 CPE variants)
microsoft/windows_server_2008
(3 CPE variants)
microsoft/windows_vista
(2 CPE variants)
microsoft/windows_xp
Published
Apr 21, 2008
Tracked Since
Feb 18, 2026