Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Office IME (Chinese) vulnerability could allow escalation of privilege


Report ID: MS201112002
Date Published: 14 December 2011

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Microsoft Pinyin IME 2010
Microsoft Office Pinyin SimpleFast Style 2010
Microsoft Office Pinyin New Experience Style 2010




Summary

A vulnerability in Microsoft Office IME (Chinese) could allow an attacker to execute arbitrary code in kernel mode.



Detailed Description

Microsoft has released a security update for Microsoft Office IME (Chinese) which was affected by a privilege escalation vulnerability. The vulnerability was caused when configuration options that is not designed to run on a secure desktop was improperly exposed. Upon successful exploit, an attacker could be able to execute arbitrary code in kernel mode.

This issue has been fixed in the security update by correcting the way that Microsoft Office IME (Chinese) exposes configuration option. Users are recommended to install the latest update to protect their system from potential exploit.

 



CVE Reference

CVE-2011-2010



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-088)




Online Virus Scanner

 
Run a quick online virus scan of your computer.