Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2010

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-2010
Last Modified 29 Jan 2013 11:39:45
Published 13 Dec 2011 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2010

Summary

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

Vulnerable Systems

Application

  • Microsoft Pinyin Ime 2010

  • Microsoft Pinyin New Experience Style 2010

  • Microsoft Pinyin Simple Fast Style 2010


References

MS - MS11-088

CERT - TA11-347A

Related Patches

MS11-088 Security Update for Microsoft Office 2010 32-Bit Edition (KB2596511)

MS11-088 Security Update for Microsoft Office 2010 64-Bit Edition (KB2596511)


Last Updated: 27 May 2016 10:57:15