Vulnerability Description
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows 7 | - |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://support.microsoft.com/kb/2264072PatchVendor Advisory
- http://support.microsoft.com/kb/982316PatchVendor Advisory
- http://www.microsoft.com/technet/security/advisory/2264072.mspxVendor Advisory
- http://support.microsoft.com/kb/2264072PatchVendor Advisory
- http://support.microsoft.com/kb/982316PatchVendor Advisory
- http://www.microsoft.com/technet/security/advisory/2264072.mspxVendor Advisory
FAQ
What is CVE-2010-1886?
CVE-2010-1886 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a proce...
How severe is CVE-2010-1886?
CVE-2010-1886 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1886?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows Xp.