Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."
References
Link | Resource |
---|---|
http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-09-11 07:03
Updated : 2018-10-12 15:05
NVD link : CVE-2013-3859
Mitre link : CVE-2013-3859
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
microsoft
- office
- pinyin_ime