Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2010-1886

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
16/08/2010
Last modified:
11/04/2025

Description

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

Impact

Vector 2.0
AV:L/AC:L/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0
6.80
Severity 2.0
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools