Microsoft Office IME (Chinese) vulnerability could allow escalation of privilege
Report ID: MS201309009
Date Published: 11 September 2013
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Microsoft Pinyin IME 2010
Summary
A vulnerability in Office IME for Chinese could be exploited to elevate a user's access privileges on a system.
Detailed Description
Microsoft has released a security update following a report of an escalation of privilege vulnerability in Office IME for Chinese. The vulnerability exists because Office Pinyin IME (Chinese) allows a user to elevate his/her access privileges on the local system. An attacker may exploit this vulnerability to execute code and take control of an affected system.
This vulnerability has been resolved in the latest update, which addresses the Microsoft Pinyin IME configuration for running on a secure desktop. Users are advised to install the update to protect their systems from exploit attempts.
CVE Reference
CVE-2013-3859
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-075
F-Secure Health Check
F-Secure's free tool, the Health Check, detects whether your system is missing the patch for the vulnerability covered in this report.




