CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

Published: Aug 16, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-1886
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / windows_xp	--sp3	--sp3.x
microsoft / windows_vista	-	-
microsoft / windows_server_2008	-	-
microsoft / windows_server_2008	r2	r2.x
microsoft / windows_2003_server	--sp2	--sp2.x
microsoft / windows_xp	-	-
microsoft / windows_2003_server	-	-

http://support.microsoft.com/kb/2264072
http://support.microsoft.com/kb/982316
http://www.microsoft.com/technet/security/advisory/2264072.mspx

Vulnerability Database

290,020

CVE-2010-1886