Executive Summary

Summary
Title Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
Informations
Name MS11-088 First vendor Publication 2011-12-13
Vendor Microsoft Last vendor Modification 2012-02-22
Severity (Vendor) Important Revision 1.2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.2 (February 22, 2012): Clarified product support status for Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010. These versions of Microsoft Office Pinyin are no longer supported. Microsoft recommends that all customers of these versions upgrade to the latest version of Microsoft Pinyin IME 2010 available through Microsoft Office 2010. See update FAQ for details.

Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-088

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 2
Application 2

OpenVAS Exploits

Date Description
2011-12-14 Name : Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
File : nvt/secpod_ms11-088.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77669 Microsoft Office Pinyin IME for Simplified Chinese Insecure Configuration Opt...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-12-15 IAVM : 2011-B-0146 - Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0030822

Nessus® Vulnerability Scanner

Date Description
2011-12-13 Name : The version of Microsoft Office installed on the remote Windows host has a pr...
File : smb_nt_ms11-088.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:47:10
  • Multiple Updates
2013-11-11 12:41:26
  • Multiple Updates