Microsoft Distributed Transaction Coordinator Service Isolation VulnerabilityID: oval:org.mitre.oval:def:5891 | Date: (C)2009-04-14 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Product: |
Microsoft Distributed Transaction Coordinator |