Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Office IME (Chinese) vulnerability could allow escalation of privilege


Report ID: MS201309009
Date Published: 11 September 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Microsoft Pinyin IME 2010




Summary

A vulnerability in Office IME for Chinese could be exploited into elevating a user's access privileges on a system.



Detailed Description

Microsoft has released a security update following a report of an escalation of privilege vulnerability in Office IME for Chinese. The vulnerability was caused when Office Pinyin IME (Chinese) allows a user to elevate his/her access privileges on the local system. An attacker may exploit this vulnerability to be able to execute code and take control of an affected system.

This vulnerability has been resolved in the latest update which addresses Microsoft Pinyin IME configuration to run on a secure desktop. Users are recommended to install the update to protect their system from exploit attempts.



CVE Reference

CVE-2013-3859



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-075)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.