MS13-075  Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege

2013-09-10 This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Vulnerabilities addressed in this bulletin:
Chinese IME Vulnerability
An elevation of privilege vulnerability exists in Office IME for Chinese that could allow a low-privilege user to elevate their access privileges.
CVE-2013-3859

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2013-3859

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
Max CVSS
6.9
EPSS Score
0.04%
Published
2013-09-11
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close