Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to microsoft - pinyin_simple_fast_style

Vulnerability from fkie_nvd

Published

2011-12-14 00:55

Modified

2024-11-21 01:27

Severity ?

Summary

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

Impacted products

Vendor	Product	Version
microsoft	pinyin_ime	2010
microsoft	pinyin_ime	2010
microsoft	pinyin_new_experience_style	2010
microsoft	pinyin_new_experience_style	2010
microsoft	pinyin_simple_fast_style	2010
microsoft	pinyin_simple_fast_style	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "EB80EE2F-80F3-4844-B4E4-F3845F0E82D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:x86:*:*:*:*:*",
              "matchCriteriaId": "6E972A8E-2297-4185-8FBA-5F7F16E8585E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_new_experience_style:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "5D438487-AC20-4747-AC5F-A2CDB8E3C9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_new_experience_style:2010:*:x86:*:*:*:*:*",
              "matchCriteriaId": "EF755F02-4D28-473D-8694-575C48D5B325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7BE7C859-48F5-4978-8E90-88100075F8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010:*:x86:*:*:*:*:*",
              "matchCriteriaId": "FD10C2F4-D8C5-4BB9-9968-2307845E2179",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka \"Pinyin IME Elevation Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Office Input Method Editor (IME) de chino simplificado de Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, y Office Pinyin New Experience Style 2010 no restringe el acceso a las opciones de configuraci\u00f3n, lo que permite a usuarios locales escalar privilegios a trav\u00e9s de la barra de herramientas IME Microsoft Pinyin (MSPY). Tambi\u00e9n conocido como \"Vulnerabilidad de elevaci\u00f3n de privilegios IME Pinyin\"."
    }
  ],
  "id": "CVE-2011-2010",
  "lastModified": "2024-11-21T01:27:28.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-14T00:55:01.247",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2011-2010

Vulnerability from cvelistv5