Vulnerability in Microsoft Pinyin IME Configuration Options for Chinese Language Support
CVE-2011-2010

Currently unrated

Key Information:

Vendor: Microsoft
Status: Pinyin Simple Fast Style; Pinyin Ime; Pinyin New Experience Style
Vendor: CVE Published:; 14 December 2011

What is CVE-2011-2010?

The Microsoft Pinyin Input Method Editor (IME) for Simplified Chinese exhibits a vulnerability that allows local users to gain elevated privileges through insecure access to configuration options. This issue is particularly evident within the Microsoft Pinyin IME toolbar, enabling unauthorized users to manipulate settings and potentially compromise system integrity.

References

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2011
Vulnerability Reserved
May 9, 2011