Lucene search

MicrosoftCVE-2010-1886

HistoryAug 16, 2010 - 6:39 p.m.

CVE-2010-1886

2010-08-1618:39:40

CWE-264

microsoft

web.nvd.nist.gov

cve-2010-1886

microsoft windows

privilege escalation

networkservice

localsystem

security boundary

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a “security boundary.”

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serverMatch-sp2x64

microsoftwindows_7Match-

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2itanium

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpsp2professional

microsoftwindows_xpMatch-sp3

VendorProductVersionCPE
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_2003_server-cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_2003_server	-	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*

Rows per page:

1-10 of 131

References

support.microsoft.com/kb/2264072

support.microsoft.com/kb/982316

www.microsoft.com/technet/security/advisory/2264072.mspx

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Related for CVE-2010-1886