VYPR
Unrated severityNVD Advisory· Published Apr 21, 2008· Updated Jun 16, 2026

CVE-2008-1436

CVE-2008-1436

Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows-nt:vista:sp1:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows-nt:vista:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows-nt:vista:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • Microsoft/Windows3 versions
    cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    • (no CPE)range: XP Professional SP2, Vista, Server 2003, Server 2008
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.