Executive Summary

Summary
Title Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
Informations
Name MS13-075 First vendor Publication 2013-09-10
Vendor Microsoft Last vendor Modification 2013-12-18
Severity (Vendor) Version Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V1.1 (December 18, 2013): Clarified that only implementations of Microsoft Pinyin IME 2010 are affected by the vulnerability. However, this update may be offered to systems with a non-vulnerable IME. This helps to maintain consistency for shared files across Office products. For more information, see the Update FAQ.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS13-075

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-09-12 IAVM : 2013-B-0102 - Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0040301

Nessus® Vulnerability Scanner

Date Description
2013-09-17 Name : The version of Microsoft Office installed on the remote Windows host has a pr...
File : smb_nt_ms13-075.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Date Informations
2016-04-27 02:02:52
  • Multiple Updates
2014-05-06 11:35:09
  • Multiple Updates
2014-05-06 11:32:41
  • Multiple Updates
2014-04-19 00:26:08
  • Multiple Updates
2014-04-19 00:17:56
  • Multiple Updates
2014-04-18 21:28:37
  • Multiple Updates
2014-04-18 21:19:15
  • Multiple Updates
2014-04-18 17:26:23
  • Multiple Updates
2014-04-18 17:18:19
  • Multiple Updates
2014-04-18 13:29:54
  • Multiple Updates
2014-04-18 13:19:15
  • Multiple Updates
2014-04-18 09:27:09
  • Multiple Updates
2014-04-18 09:18:38
  • Multiple Updates
2014-04-18 05:28:02
  • Multiple Updates
2014-04-18 05:19:41
  • Multiple Updates
2014-04-18 00:26:21
  • Multiple Updates
2014-04-18 00:18:04
  • Multiple Updates
2014-04-17 21:25:59
  • Multiple Updates
2014-04-17 21:19:03
  • Multiple Updates
2014-04-17 17:26:37
  • Multiple Updates
2014-04-17 17:18:13
  • Multiple Updates
2014-04-17 13:29:31
  • Multiple Updates
2014-04-17 13:19:20
  • Multiple Updates
2014-04-17 09:07:48
  • Multiple Updates
2014-02-17 11:47:47
  • Multiple Updates
2013-12-19 00:15:59
  • Multiple Updates
2013-11-11 12:41:36
  • Multiple Updates
2013-09-12 00:22:47
  • Multiple Updates
2013-09-11 21:22:46
  • Multiple Updates
2013-09-10 21:20:40
  • First insertion