Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Windows 权限许可和访问控制漏洞
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows 存在权限许可和访问控制漏洞,如果本地攻击者能够通过IIS(ASP.NET代码以完全可信任权限运行或通过ISAPI扩展/过滤器运行)和SQL Server(可以管理权限加载和运行代码)在已认证的环境中运行代码的话,就可能以LocalSystem权限执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A