Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:21627267
HistoryJul 07, 2017 - 12:00 a.m.

JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries

2017-07-0700:00:00
Japan Vulnerability Notes
jvn.jp
44

0.0004 Low

EPSS

Percentile

9.7%

JSON

Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs.
When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it.
This registry key does not exist by default, and can be created by a normal user.
If an application program is invoked with some high privilege, this mechanism can be leveraged for privilege escalation attacks

Impact

Arbitrary code may be executed with the execution privilege of the application program which initiated Microsoft IME.
This can occur when a user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder and enter in the registry key the specific folder location.

Solution

Update the Software
Apply the Windows Updates according to the information provided by Microsoft.
This issue is addressed in MS16-130 released on November 8th, 2016.

Products Affected

  • Microsoft IME

Related

checkpoint_advisories 1
mscve 1
prion 1
mskb 11
cvelist 1
cve 1
symantec 1
nessus 1
openvas 1
kaspersky 2
checkpoint_advisories
checkpoint_advisories
Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)
2016-12-27 00:00:00
mscve
mscve
Windows IME Elevation of Privilege Vulnerability
2016-11-08 08:00:00
prion
prion
Privilege escalation
2016-11-10 06:59:00
mskb
mskb
MS16-130 and MS16-135: Description of the security update for Windows: November 8, 2016
2016-11-08 08:00:00
MS16-130: Security update for Microsoft Windows: November 8, 2016
2016-11-08 00:00:00
November 2016 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2016-11-08 08:00:00
cvelist
cvelist
CVE-2016-7221
2016-11-10 06:16:00
cve
cve
CVE-2016-7221
2016-11-10 06:59:00
symantec
symantec
Microsoft Windows Input Method Editor CVE-2016-7221 Local Privilege Escalation Vulnerability
2016-11-08 00:00:00
nessus
nessus
MS16-130: Security Update for Microsoft Windows (3199172)
2016-11-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (3199172)
2016-11-09 00:00:00
kaspersky
kaspersky
KLA11832 Multiple vulnerabilities in Microsoft Products (ESU)
2016-11-08 00:00:00
KLA10897 Multiple vulnerabilities in Microsoft Windows
2016-11-08 00:00:00

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for JVN:21627267
checkpoint_advisories1mscve1prion1mskb11cvelist1cve1symantec1nessus1openvas1kaspersky2