Privilege Escalation Vulnerability in Microsoft Pinyin IME 2010 with Office 2010
CVE-2013-3859

Currently unrated

Key Information:

Vendor: Microsoft
Status: Pinyin Ime; Office
Vendor: CVE Published:; 11 September 2013

Summary

The Microsoft Pinyin IME 2010, when utilized alongside Microsoft Office 2010 SP1, presents a vulnerability that inadequately restricts configuration options. This oversight allows local users to exploit the system by launching Internet Explorer through the IME toolbar, potentially gaining elevated privileges within the operating system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/ncas/alerts/TA13-253A

third-party-advisoryx_refsource_CERT

Timeline

Vulnerability published
Sep 11, 2013
Vulnerability Reserved
Jun 3, 2013