CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21725 – Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21725
10 Jan 2023 — Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability Vulnerabilidad que permite realizar una escalada de privilegios a través de la herramienta de eliminación de software malicioso de Windows (MSRT) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-0733
https://notcve.org/view.php?id=CVE-2020-0733
11 Feb 2020 — An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios cuando la Windows Malicious Software Removal Tool (MSRT) maneja inapropiadamente las uniones. Para explotar esta vulnerabilidad, un ataca... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0733 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2418 – Microsoft Windows Malicious Software Removal Tool Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2418
20 Jul 2015 — Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability." Vulnerabilidad en Race condition en Microsoft Malicious Software Removal Tool (MSRT) anterior a 5.26 permite a usuarios locales obtener privilegios a través de DLL manipulado, también conocida como 'MSRT Race Condition Vulnerability'. • https://packetstorm.news/files/id/163755 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-0037
https://notcve.org/view.php?id=CVE-2011-0037
25 Feb 2011 — Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. Microsoft Malware Protection Engine anterior a v1.1.6603.0, tal como se utilizó en Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, F... • http://secunia.com/advisories/43468 • CWE-20: Improper Input Validation •