← Back

CVE-2010-1886

nvd nist
Published: Aug 16, 2010Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:L/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 3.1 / Impact: 10.0
Source: NVD

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

Affected (13)

Microsoft
5 products
Windows 2003 Server
Windows 7
Windows Server 2008
Windows Vista
Windows Xp
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows 2003 Server
All versions
Windows 2003 Server
All versions
Windows 2003 Server
All versions
Windows 7
All versions
Microsoft
Windows Server 2008
All versions
Windows Server 2008
All versions
Windows Server 2008
All versions
Windows Server 2008
Version r2
Windows Server 2008
Version r2
Microsoft
Windows Vista
All versions
Windows Vista
All versions
Microsoft
Windows Xp
All versions
Windows Xp
All versions

Related CWEs

CWE-264
CWE-264

References (6)

Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.