CVE-2008-1436

N/A Unknown

Published: April 21, 2008 Modified: April 23, 2026

Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx

Source: secure@microsoft.com

http://isc.sans.org/diary.html?storyid=4306

Source: secure@microsoft.com

http://milw0rm.com/sploits/2008-Churrasco.zip

Source: secure@microsoft.com

http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html

Source: secure@microsoft.com

http://secunia.com/advisories/29867

Source: secure@microsoft.com

Vendor Advisory

http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html

Source: secure@microsoft.com

http://www.argeniss.com/research/Churrasco.zip

Source: secure@microsoft.com

http://www.argeniss.com/research/TokenKidnapping.pdf

Source: secure@microsoft.com

http://www.microsoft.com/technet/security/advisory/951306.mspx

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/491111/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/497168/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/28833

Source: secure@microsoft.com

http://www.securitytracker.com/id?1019904

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2008/1264/references

Source: secure@microsoft.com

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1026

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/41880

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891

Source: secure@microsoft.com

https://www.exploit-db.com/exploits/6705

Source: secure@microsoft.com

http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://isc.sans.org/diary.html?storyid=4306

Source: af854a3a-2127-422b-91ae-364da2661108

http://milw0rm.com/sploits/2008-Churrasco.zip

Source: af854a3a-2127-422b-91ae-364da2661108

http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29867

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.argeniss.com/research/Churrasco.zip

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.argeniss.com/research/TokenKidnapping.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.microsoft.com/technet/security/advisory/951306.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/491111/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/497168/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28833

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019904

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2008/1264/references

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1026

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41880

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6705

Source: af854a3a-2127-422b-91ae-364da2661108

40 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

57.9%

98th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

microsoft

Related CVEs

CVE-2026-42615 7.2

CVE-2026-23773 4.3

CVE-2026-40560 N/A

CVE-2026-7363 N/A

CVE-2026-7361 N/A