Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-3859

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

Published

2013-09-11T14:03:48.307

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	office	2010	Yes
Application	microsoft	office	2010	Yes
Application	microsoft	office	2010	Yes
Application	microsoft	pinyin_ime	2010	Yes
Application	microsoft	pinyin_ime	2010	Yes

References

http://www.us-cert.gov/ncas/alerts/TA13-253A US Government Resource ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075 ([email protected])
http://www.us-cert.gov/ncas/alerts/TA13-253A US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075 (af854a3a-2127-422b-91ae-364da2661108)