CVE-2008-1436

EPSS 57.88% · P98 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-1436

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows 权限许可和访问控制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows是美国微软（Microsoft）公司的一套个人设备使用的操作系统。 Microsoft Windows 存在权限许可和访问控制漏洞，如果本地攻击者能够通过IIS(ASP.NET代码以完全可信任权限运行或通过ISAPI扩展/过滤器运行)和SQL Server(可以管理权限加载和运行代码)在已认证的环境中运行代码的话，就可能以LocalSystem权限执行任意指令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-1436

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-1436

请登录查看更多情报信息。

http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspxx_refsource_CONFIRM
http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.htmlx_refsource_MISC
http://isc.sans.org/diary.html?storyid=4306x_refsource_MISC
http://www.microsoft.com/technet/security/advisory/951306.mspxx_refsource_CONFIRM
http://milw0rm.com/sploits/2008-Churrasco.zipx_refsource_MISC
http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.htmlx_refsource_MISC
http://www.argeniss.com/research/TokenKidnapping.pdfx_refsource_MISC
http://www.argeniss.com/research/Churrasco.zipx_refsource_MISC
https://www.exploit-db.com/exploits/6705exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/29867third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/28833vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1019904vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-012vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlthird-party-advisoryx_refsource_CERT
http://www.vupen.com/english/advisories/2008/1264/referencesvdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/1026vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5891vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/497168/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/41880vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/491111/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-1436

Same Patch Batch · n/a · 2008-04-21 · 18 CVEs total

CVE-2008-1911		1024 CMS 'includes/system.php' SQL注入漏洞
CVE-2008-1898		Microsoft Works 7 WkImgSrv.dll ActiveX控件远程代码执行漏洞
CVE-2008-1694		GNU Emacs创建不安全临时文件漏洞
CVE-2008-1679		Python zlib模块远程溢出漏洞
CVE-2008-1613		RedDot CMS ioRD.asp文件SQL注入漏洞
CVE-2008-1102		Blender radiance_hdr.c文件远程栈溢出漏洞
CVE-2008-1902		aptlinex GUI 设计错误漏洞
CVE-2008-1901		Debian Aptlinex gambas-apt.lock 后置链接漏洞
CVE-2008-1900		carbon_communities option_Update.asp 设计错误漏洞
CVE-2008-1903		NewsOffice 'news_show.php'远程文件包含漏洞
CVE-2008-1910		Borland InterBase ibserver.exe服务远程缓冲区溢出漏洞
CVE-2008-1909		PHPKB 'comment.php' SQL注入漏洞
CVE-2008-1908		cpCommerce多个目录遍历漏洞
CVE-2008-1907		cpCommerce functions/display_page.func.php 多个SQL注入漏洞
CVE-2008-1906		cpCommerce calendar.php 跨站脚本攻击漏洞
CVE-2008-1905		nero MediaHome 拒绝服务漏洞
CVE-2008-1904		CcMail Cookie 安全绕过漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-1436

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2008-1436

I. Basic Information for CVE-2008-1436

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-1436

III. Intelligence Information for CVE-2008-1436

Same Patch Batch · n/a · 2008-04-21 · 18 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2008-1436

Leave a comment