Lucene search
HistorySep 11, 2013 - 2:03 p.m.
CVE-2013-3859
cve-2013-3859
microsoft
pinyin ime 2010
privilege escalation
internet explorer
vulnerability
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka “Chinese IME Vulnerability.”
Affected configurations
Node
microsoftofficeMatch2010sp1
ORmicrosoftofficeMatch2010sp1x64
ORmicrosoftofficeMatch2010sp1x86
ORmicrosoftpinyin_imeMatch2010x64
ORmicrosoftpinyin_imeMatch2010x86
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:office | microsoft office | eq | 2010 |
| microsoft:pinyin_ime | microsoft pinyin ime | eq | 2010 |
Related
seebug
seebug
Microsoft Office Pinyin IME 2010本地权限提升漏洞(CVE-2013-3859)
2013-09-14 00:00:00
cvelist
cvelist
CVE-2013-3859
2013-09-11 10:00:00
symantec
symantec
nessus
nessus
prion
prion
Design/Logic Flaw
2013-09-11 14:03:00
nvd
nvd
CVE-2013-3859
2013-09-11 14:03:48
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2013-09-11 00:00:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Related for CVE-2013-3859