MS13-075 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
2013-09-10 This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Chinese IME Vulnerability
- An elevation of privilege vulnerability exists in Office IME for Chinese that could allow a low-privilege user to elevate their access privileges.
CVE-2013-3859
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
Max CVSS
6.9
EPSS Score
0.04%
Published
2013-09-11
Updated
2018-10-12