Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
Software | From | Fixed in |
---|---|---|
microsoft / windows_xp | - | - |
microsoft / windows_server_2003 | - | - |
microsoft / windows-nt | vista-sp1 | vista-sp1.x |
microsoft / windows-nt | vista-sp2 | vista-sp2.x |
microsoft / windows_vista | - | - |
microsoft / windows_vista | --sp1 | --sp1.x |
microsoft / windows_server_2008 | - | - |