Microsoft Office IME (Chinese) vulnerability could allow escalation of privilege
Report ID: MS201112002
Date Published: 14 December 2011
Compromise Type: privilege-escalation
Compromise From: local-system
Microsoft Pinyin IME 2010
Microsoft Office Pinyin SimpleFast Style 2010
Microsoft Office Pinyin New Experience Style 2010
A vulnerability in Microsoft Office IME (Chinese) could allow an attacker to execute arbitrary code in kernel mode.
Microsoft has released a security update for Microsoft Office IME (Chinese) which was affected by a privilege escalation vulnerability. The vulnerability was caused when configuration options that is not designed to run on a secure desktop was improperly exposed. Upon successful exploit, an attacker could be able to execute arbitrary code in kernel mode.
This issue has been fixed in the security update by correcting the way that Microsoft Office IME (Chinese) exposes configuration option. Users are recommended to install the latest update to protect their system from potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-088)