Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) |
Informations | |||
---|---|---|---|
Name | MS11-088 | First vendor Publication | 2011-12-13 |
Vendor | Microsoft | Last vendor Modification | 2012-02-22 |
Severity (Vendor) | Important | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.2 (February 22, 2012): Clarified product support status for Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010. These versions of Microsoft Office Pinyin are no longer supported. Microsoft recommends that all customers of these versions upgrade to the latest version of Microsoft Pinyin IME 2010 available through Microsoft Office 2010. See update FAQ for details. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-088 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-12-14 | Name : Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016) File : nvt/secpod_ms11-088.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77669 | Microsoft Office Pinyin IME for Simplified Chinese Insecure Configuration Opt... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-12-15 | IAVM : 2011-B-0146 - Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0030822 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-12-13 | Name : The version of Microsoft Office installed on the remote Windows host has a pr... File : smb_nt_ms11-088.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:10 |
|
2013-11-11 12:41:26 |
|