4 results (0.011 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability Vulnerabilidad que permite realizar una escalada de privilegios a través de la herramienta de eliminación de software malicioso de Windows (MSRT) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios cuando la Windows Malicious Software Removal Tool (MSRT) maneja inapropiadamente las uniones. Para explotar esta vulnerabilidad, un atacante primero tendría que obtener la ejecución sobre el sistema víctima, también se conoce como "Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733 •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability." Vulnerabilidad en Race condition en Microsoft Malicious Software Removal Tool (MSRT) anterior a 5.26 permite a usuarios locales obtener privilegios a través de DLL manipulado, también conocida como 'MSRT Race Condition Vulnerability'. • http://packetstormsecurity.com/files/163755/Microsoft-Windows-Malicious-Software-Removal-Tool-Privilege-Escalation.html http://www.securitytracker.com/id/1032901 https://technet.microsoft.com/library/security/3074162 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utilizó en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, y Windows Live OneCare, permite a usuarios locales conseguir privilegios a través de un valor manipulado de una clave de registro de usuario sin especificar • http://secunia.com/advisories/43468 http://securitytracker.com/id?1025117 http://www.microsoft.com/technet/security/advisory/2491888.mspx http://www.securityfocus.com/bid/46540 http://www.vupen.com/english/advisories/2011/0486 https://exchange.xforce.ibmcloud.com/vulnerabilities/65626 • CWE-20: Improper Input Validation •