What is CVE-2015-2418?

CVE-2015-2418 is a vulnerability in Microsoft Malicious_software_removal_tool, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2015-07-20.

Is CVE-2015-2418 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Malicious_software_removal_tool

CVE-2015-2418

Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to gain privileges via a crafted DLL, aka "MSRT Race Condition Vulnerability."

Vulnerability class: Race Condition

EPSS: 0.011 (78.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Malicious_software_removal_tool
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
1032901 (vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-2418?: CVE-2015-2418 is a vulnerability in Microsoft Malicious_software_removal_tool, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2015-07-20.
Is CVE-2015-2418 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.