Microsoft中文输入系统（Pinyin IME）本地权限提升漏洞(MS11-088)

BUGTRAQ ID: 50950 CVE ID: CVE-2011-2010 Microsoft Office IME CN是微软的中文输入系统。 Microsoft Office IME CN错误公开了不能在安全桌面上运行的配置选项，在实现上存在权限提升漏洞，本地攻击者可利用此漏洞以内核权限执行任意代码，成功利用后可完全控制受影响计算机 Microsoft Pinyin IME 2010 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS11-088）以及相应补丁: MS11-088：Vulnerability in Microso...

CVE-2011-2010

The CVE-2011-2010 issue affects the Microsoft Office IME (Chinese) for Simplified Chinese in Pinyin IME 2010 family (MSPY), including Office Pinyin SimpleFast Style 2010 and Office Pinyin New Experience Style 2010. The root cause is improper restriction of configuration options in the IME toolbar...