Privilege escalation

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor IME improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability"...

Microsoft IME may insecurely load Dynamic Link Libraries

Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...

Mozilla: Use-after-free with IME input (MFSA 2017-16)

A use-after-free vulnerability during specific user interactions with the input method editor IME in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...

Mozilla: Use-after-free with IME input (MFSA 2017-16)

A use-after-free vulnerability during specific user interactions with the input method editor IME in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...

UBUNTU-CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor IME in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...

March 14, 2017—KB4013429 (OS Build 14393.953)

March 14, 2017—KB4013429 OS Build 14393.953 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed known issue called out in KB3213986. Users may experience delays while running 3D...

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Input Method Editor component in the Windows operating system is related to errors during DLL loading. Exploiting this vulnerability can allow an attacker to increase their privileges locally...

Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)

An elevation of privilege vulnerability exists in Windows Input Method Editor IME. The vulnerability is due to the way Input Method Editor improperly handles DLL loading. A locally authenticated attacker can exploit this vulnerability by running a specially crafted application...

CVE-2016-7221

Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

CVE-2016-7221

Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

Microsoft Windows Multiple Vulnerabilities (3199172)

This host is missing a critical security update according to Microsoft Bulletin MS16-130. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS16-130: Security Update for Microsoft Windows (3199172)

The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remot...

Microsoft Windows Input Method Editor CVE-2016-7221 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated system privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...

Stable Channel Update for Chrome OS

The Stable channel has been updated to 54.0.2840.79 Platform version: 8743.76.0 for all Chrome OS devices except HP Chromebook 13 G1, Acer Chromebook 14 for Work and Thinkpad 13 Chromebook. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be...

Fedora 24 : 1:epiphany / webkitgtk4 (2016-f4b5897686)

Update WebKitGTK+ package to 2.14.1. Major changes in 2.14.0 : - Threaded compositor is enabled by default in both X11 and Wayland. - Accelerated compositing is now supported in Wayland. - Clipboard works in Wayland too. - Memory pressure handler always works even when cgroups is not present or n...

2345王牌输入法本地权限提升漏洞

Microsoft Windows API使用CreateProcess函数创建新的进程及其主线程。 CreateProcess函数的格式如下： BOOL CreateProcess LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITYATTRIBUTES lpProcessAttributes, LPSECURITYATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTST...

2345 Ace Input Method Local Elevation of Privilege Vulnerability

2345 Ace Input Method is a Chinese input software for PC launched by Shanghai 2,3,4,5 Network Technology Co. The system service installed by 2345 Ace Input Method provides the ability to create an elevated privilege process, but a vulnerability exists in the validation process. Due to improper...

Tails 1.3 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...

VulnCheck KEV: CVE-2014-4077

Microsoft Input Method Editor IME Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default with the default set as disabled. IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE IME for Japanese is installed which...

PT-2014-2028 · Microsoft · Windows Server 2008 +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server versions 2003 SP2 through 2008 SP2 and R2 SP1 Microsoft Windows Vista version SP2 Microsoft Windows 7 version SP1 Microsoft Office version 2007 SP3 Description: The issue is related to the Input Method Editor IME...