Lucene search
Symantec Security ResponseSMNTC-50950HistoryDec 13, 2011 - 12:00 a.m.
Microsoft Pinyin IME (CVE-2011-2010) Local Privilege Escalation Vulnerability
2011-12-1300:00:00
Symantec Security Response
www.symantec.com
10
EPSS
0
Percentile
9.5%
Description
Microsoft Pinyin IME is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause a denial-of-service condition.
Technologies Affected
- Microsoft Office Pinyin New Experience Style 2010 (32-bit edition)
- Microsoft Office Pinyin New Experience Style 2010 (64-bit edition)
- Microsoft Office Pinyin SimpleFast Style 2010 (32-bit edition)
- Microsoft Office Pinyin SimpleFast Style 2010 (64-bit edition)
- Microsoft Pinyin IME 2010 (32-bit edition)
- Microsoft Pinyin IME 2010 (64-bit edition)
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.
Vendor updates are available. Please see the reference advisory for more information.
Related
prion
prion
Privilege escalation
2011-12-14 00:55:00
seebug
seebug
mskb
mskb
nessus
nessus
cvelist
cvelist
CVE-2011-2010
2011-12-14 00:00:00
nvd
nvd
CVE-2011-2010
2011-12-14 00:55:01
cve
cve
CVE-2011-2010
2011-12-14 00:55:01
openvas
openvas
Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
2011-12-14 00:00:00
Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
2011-12-14 00:00:00
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2011-12-15 00:00:00