Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-2010

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

Published

2011-12-14T00:55:01.247

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	pinyin_ime	2010	Yes
Application	microsoft	pinyin_ime	2010	Yes
Application	microsoft	pinyin_new_experience_style	2010	Yes
Application	microsoft	pinyin_new_experience_style	2010	Yes
Application	microsoft	pinyin_simple_fast_style	2010	Yes
Application	microsoft	pinyin_simple_fast_style	2010	Yes

References

http://www.us-cert.gov/cas/techalerts/TA11-347A.html US Government Resource ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA11-347A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088 (af854a3a-2127-422b-91ae-364da2661108)