| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-088 | Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) | Microsoft Office | Important | 14-12-2011 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed.
Detailed Information on the risk:
An elevation of privilege vulnerability exists due to the way that the Microsoft Office IME (Chinese) improperly exposes configuration options not designed to run on the secure desktop. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Further information on this exploit is available at : MS11-088
Affected Software
Microsoft Office 2010 and Microsoft Office 2010 Service Pack 1 (32-bit editions)Microsoft Office 2010 and Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010 (32-bit version) (KB2647540)
Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010 (64-bit version) (KB2647540)