Heap-based Buffer Overflow in Microsoft Input Method Editor by Microsoft
CVE-2026-58534

8.8HIGH

What is CVE-2026-58534?

A heap-based buffer overflow vulnerability in the Microsoft Input Method Editor (IME) allows an authorized attacker to elevate their local privileges. This weakness could be exploited to gain increased access to system resources, thereby compromising the security of the affected system. Users are encouraged to apply security updates to mitigate this vulnerability effectively. For more details, refer to the official advisory from Microsoft.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9339

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.9020

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7548

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.